Skip to content

Instantly share code, notes, and snippets.

@bradchesney79

bradchesney79/Initial Notes

Last active December 12, 2015 00:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bradchesney79/4686426 to your computer and use it in GitHub Desktop.
Save bradchesney79/4686426 to your computer and use it in GitHub Desktop.
Download ZIP
Wall-o-text for Debian Wheezy (7.0/testing) Multi-user High Performance Web-server with High Security Features
Raw
Initial Notes
My updated notes follow:
Many thanks to the patient souls in #debian, #php-fpm, and #httpd on Freenode
Many commands and much info stolen from these locations:
http://www.rackaid.com/resources/linux-screen-tutorial-and-how-to/
http://www.debian.org/releases/testing/amd64/release-notes/ch-upgrading.en.html#newkernel
https://sites.google.com/site/mydebiansourceslist/
http://linux.justinhartman.com/Setting_up_a_LAMP_Server
http://www.debian-administration.org/articles/349
http://www.lavluda.com/2008/02/02/install-imagemagick-support-to-your-debianubuntu-server/
http://php.net/manual/en/imagick.setup.php
http://www.lavluda.com/2007/07/15/how-to-enable-mod_rewrite-in-apache22-debian/
http://www.debian-administration.org/articles/284
http://openvpn.net/archive/openvpn-users/2004-05/msg00355.html
http://wiki.apache.org/httpd/RemoveSSLCertPassPhrase
http://httpd.apache.org/docs/2.2/vhosts/examples.html
http://www.youtube.com/watch?v=dtclmj3H7ZU
http://www.youtube.com/watch?v=FLPx7HLLteI
http://wiki.debian.org/SELinux/Setup#Steps_to_setup_SELinux
http://debian-handbook.info/browse/wheezy/sect.selinux.html
http://dev.mysql.com/doc/refman/5.0/en/mysql-secure-installation.html
http://www.mysqlperformanceblog.com/2009/01/28/the-perils-of-innodb-with-debian-and-startup-scripts/
http://wiki.phpmyadmin.net/pma/Quick_Install#Manually
http://wiki.phpmyadmin.net/pma/Configuration_storage
http://pastebin.com/index/HyE87bcF#php-fpm with chroot haroldp
https://gist.github.com/3849349#php-fpm diemuzi
https://github.com/SimonSimCity/webserver-configuration/commit/3828c49d4f3d0957a3149be492c219ed00201ede
http://undefinederror.org/tutorials/apache2-mpm-worker-fastcgi-php5-fpm-on-debian/ #This one is great.
http://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/ #how many pm.max_children for the fpm pools
http://www.brandonsavage.net/to-stat-or-not-to-stat/ #mod_apc caching
Base debian 6 32-bit linode.com Virtual Private Server install
(On linode build images, the ssh package is preinstalled for you.
apt-get install ssh
on the server for everyone else without it.
ifconfig
to get your IP address.
You may only have access via the local network at that address. Google "NAT")
login via ssh as root
ssh root@012.345.678.910
once screen is up update and upgrade the system
apt-get update
apt-get upgrade
install the kernel metapackage
apt-get install linux-image-2.6.32-5-686
(apt-get install linux-image-2.6.32-5-amd64 for AMD64 based 64-bit machines)
test that the new kernel metapackage is installed (pray you see output)
dpkg -l "linux-image*" | grep ^ii
I get one line that starts with "ii" followed by the package name, the dotted numeric version, and a short text description.
verify everything is in good order (no output is what you want)
dpkg --audit
aptitude search "~ahold"
apt-get clean
reboot
edit /etc/apt/sources.list
vi /etc/apt/sources.list
-----/etc/apt/sources.list-----
#
# deb cdrom:[Debian GNU/Linux 6.0.3 _Squeeze_ - Official i386 NETINST Binary-1 20111008-19:55]/ squeeze main
#deb cdrom:[Debian GNU/Linux 6.0.3 _Squeeze_ - Official i386 NETINST Binary-1 20111008-19:55]/ squeeze main
#deb http://ftp.us.debian.org/debian/ squeeze main
#deb-src http://ftp.us.debian.org/debian/ squeeze main
#deb http://security.debian.org/ squeeze/updates main
#deb-src http://security.debian.org/ squeeze/updates main
# squeeze-updates, previously known as 'volatile'
#deb http://ftp.us.debian.org/debian/ squeeze-updates main
#deb-src http://ftp.us.debian.org/debian/ squeeze-updates main
###################
## Debian Testing ##
###################
# Testing
#deb http://ftp.debian.org/debian/ testing main contrib non-free
#deb-src http://ftp.debian.org/debian/ testing main contrib non-free
###################
## Debian Wheezy ##
###################
deb http://ftp.debian.org/debian/ wheezy main contrib non-free
#deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free
# Testing Security http://secure-testing-master.debian.net/
deb http://security.debian.org wheezy/updates main contrib non-free
#deb-src http://security.debian.org wheezy/updates main contrib non-free
update the system
apt-get update
run a distribution upgrade
apt-get dist-upgrade
----------
you will be presented with distribution upgrade notes:
q (will exit the less program)
You will be presented with a choice of automatically restarting services
=====Code Output=====
│ There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, │
│ and libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will normally be │
│ prompted on each upgrade for the list of services you wish to restart. You can choose this option to avoid being │
│ prompted; instead, all necessary restarts will be done for you automatically so you can avoid being asked questions on │
│ each library upgrade. │
│ │
│ Restart services during package upgrades without asking? │
│ │
│ <Yes> <No>
==========
I chose yes and hit <Enter>
=====Code Output=====
Configuration file `/etc/default/rc'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** rcS (Y/I/N/O/D/Z) [default=N] ?
==========
I hit <Enter> to choose the default
=====Code Output=====
│ The new Linux kernel version provides different drivers for some PATA (IDE) controllers. The names of some hard disk, │
│ CD-ROM, and tape devices may change. │
│ │
│ It is now recommended to identify disk devices in configuration files by label or UUID (unique identifier) rather than │
│ by device name, which will work with both old and new kernel versions. │
│ │
│ If you choose to not update the system configuration automatically, you must update device IDs yourself before the │
│ next system reboot or the system may become unbootable. │
│ │
│ Update disk device IDs in system configuration? │
│ │
│ <Yes> <No> │
│ │
==========
I chose Yes and hit <Enter>
=====Code Output=====
│ │
│ Boot loader configuration check needed │
│ │
│ The boot loader configuration for this system was not recognized. These settings in the configuration may need to be │
│ updated: │
│ │
│ * The root device ID passed as a kernel parameter; │
│ * The boot device ID used to install and update the boot loader. │
│ │
│ │
│ You should generally identify these devices by UUID or label. However, on MIPS systems the root device must be │
│ identified by name. │
│ │
│ <Ok> │
│ │
==========
I hit <Enter> to choose Ok and continue
=====Code Output=====
Configuration file `/etc/dhcp/dhclient.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** dhclient.conf (Y/I/N/O/D/Z) [default=N] ?
==========
I hit <Enter> to choose the default
reboot
!!!!!NOTE!!!!!
Brad, if you are starting here from the VM base:
apt-get update
apt-get upgrade
!!!!!!!!!!
Start building the web server
apt-get install libapache2-mod-fastcgi apache2-mpm-worker php5-fpm php-apc php5-curl
vi /etc/php5/fpm/conf.d/20-apc.ini
-----/etc/php5/fpm/conf.d/20-apc.ini-----
extension=apc.so
apc.enabled=1
apc.stat=0
apc.mmap_file_mask = /tmp/apc-XXXXXX
apc.enable_cli = 0
apc.max_file_size = 2M
apc.stat_ctime = 0
apc.shm_size = 128M
apc.canonicalize=0
----------
vi /etc/apache2/mods-available/fastcgi.conf
-----/etc/apache2/mods-available/fastcgi.conf-----
FastCgiIpcDir /var/lib/apache2/fastcgi
AddHandler php5-fcgi .php
Action php5-fcgi /fcgi-bin
----------
mv /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/default.conf
vi /etc/php5/fpm/pool.d/default.conf
-----/etc/php5/fpm/pool.d/default.conf-----
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[default]
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/www/.sockets/default.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
;pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
----------
apt-get install rssh
vi /etc/rssh.conf
-----/etc/rssh.conf-----
# This is the default rssh config file
# set the log facility. "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER
# Leave these all commented out to make the default action for rssh to lock
# users out completely...
#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
#allowsvnserve
# set the default umask
umask = 022
# If you want to chroot users, use this to set the directory where the root of
# the chroot jail will be located.
#
# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
# chrootpath = /usr/local/chroot
# You can quote anywhere, but quotes not required unless the path contains a
# space... as in this example.
#chrootpath = "/usr/local/my chroot"
##########################################
# EXAMPLES of configuring per-user options
#user=rudy:077:000100: # the path can simply be left out to not chroot
#user=rudy:077:000100 # the ending colon is optional
#user=rudy:011:001000: # cvs, with no chroot
#user=rudy:011:010000: # rdist, with no chroot
#user=rudy:011:100000: # rsync, with no chroot
#user=rudy:011:000001: # svnserve, with no chroot
#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted
#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak!
#user=rudy:'011:000010:/usr/local/chroot' # single quotes too
# if your chroot_path contains spaces, it must be quoted...
# In the following examples, the chroot_path is "/usr/local/my chroot"
#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot
#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot
#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot
# Spaces before or after the '=' are fine, but spaces in chrootpath need
# quotes.
#user = "rudy:011:000010:/usr/local/my chroot"
#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end
#user="username:770:000100:/home/username"
----------
a2enmod actions ssl
restart php5-fpm
service php5-fpm restart
restart apache, not reload
service apache2 restart
apt-get install php-pear imagemagick re2c libmagickwand-dev php5-dev make wkhtmltopdf xvfb msttcorefonts
pear config-set preferred_state beta
=====Script Output=====
config-set succeeded
==========
pecl install Imagick
You will be asked for the location of the Imagemagick installation, I just hit <Enter> to autodetect.
=====Script Output=====
downloading imagick-3.1.0RC2.tgz ...
Starting to download imagick-3.1.0RC2.tgz (93,264 bytes)
.............done: 93,264 bytes
15 source files, building
running: phpize
Configuring for:
PHP Api Version: 20100412
Zend Module Api No: 20100525
Zend Extension Api No: 220100525
Please provide the prefix of Imagemagick installation [autodetect] :
building in /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2
running: /tmp/pear/temp/imagick/configure --with-imagick
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib
checking for PHP extension directory... /usr/lib/php5/20100525
checking for PHP installed headers prefix... /usr/include/php5
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... re2c
checking for re2c version... 0.13.5 (ok)
checking for gawk... no
checking for nawk... nawk
checking if nawk is broken... no
checking whether to enable the imagick extension... yes, shared
checking whether to enable the imagick GraphicsMagick backend... no
checking ImageMagick MagickWand API configuration program... found in /usr/bin/MagickWand-config
checking if ImageMagick version is at least 6.2.4... found version 6.7.7 Q16
checking for MagickWand.h header file... found in /usr/include/ImageMagick/wand/MagickWand.h
checking PHP version is at least 5.1.3... yes. found 5.4.4-10
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /bin/sed
checking for fgrep... /bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... (cached) nawk
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands
running: make
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_file.c -o imagick_file.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_file.c -fPIC -DPIC -o .libs/imagick_file.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -o imagick_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -fPIC -DPIC -o .libs/imagick_class.o
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagematte':
/tmp/pear/temp/imagick/imagick_class.c:276:2: warning: 'MagickGetImageMatte' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:82) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_paintfloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:1034:3: warning: 'MagickPaintFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c:1037:3: warning: 'MagickPaintFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_recolorimage':
/tmp/pear/temp/imagick/imagick_class.c:1420:2: warning: 'MagickRecolorImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:109) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_colorfloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:3423:2: warning: 'MagickColorFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:75) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mapimage':
/tmp/pear/temp/imagick/imagick_class.c:3763:2: warning: 'MagickMapImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:86) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mattefloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:3796:2: warning: 'MagickMatteFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:88) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_medianfilterimage':
/tmp/pear/temp/imagick/imagick_class.c:3823:2: warning: 'MagickMedianFilterImage' is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:217) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_paintopaqueimage':
/tmp/pear/temp/imagick/imagick_class.c:3886:2: warning: 'MagickPaintOpaqueImageChannel' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:104) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_painttransparentimage':
/tmp/pear/temp/imagick/imagick_class.c:3949:2: warning: 'MagickPaintTransparentImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:107) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_reducenoiseimage':
/tmp/pear/temp/imagick/imagick_class.c:4092:2: warning: 'MagickReduceNoiseImage' is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:265) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageattribute':
/tmp/pear/temp/imagick/imagick_class.c:5101:2: warning: 'MagickGetImageAttribute' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:59) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagechannelextrema':
/tmp/pear/temp/imagick/imagick_class.c:5288:2: warning: 'MagickGetImageChannelExtrema' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:78) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageextrema':
/tmp/pear/temp/imagick/imagick_class.c:5542:2: warning: 'MagickGetImageExtrema' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:80) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageindex':
/tmp/pear/temp/imagick/imagick_class.c:6383:2: warning: 'MagickGetImageIndex' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:65) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_setimageindex':
/tmp/pear/temp/imagick/imagick_class.c:6408:2: warning: 'MagickSetImageIndex' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:113) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagesize':
/tmp/pear/temp/imagick/imagick_class.c:6486:2: warning: 'MagickGetImageSize' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:140) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_setimageattribute':
/tmp/pear/temp/imagick/imagick_class.c:6835:2: warning: 'MagickSetImageAttribute' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:111) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_flattenimages':
/tmp/pear/temp/imagick/imagick_class.c:7082:2: warning: 'MagickFlattenImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:132) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_averageimages':
/tmp/pear/temp/imagick/imagick_class.c:8128:2: warning: 'MagickAverageImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:131) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mosaicimages':
/tmp/pear/temp/imagick/imagick_class.c:8567:2: warning: 'MagickMosaicImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:135) [-Wdeprecated-declarations]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickdraw_class.c -o imagickdraw_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickdraw_class.c -fPIC -DPIC -o .libs/imagickdraw_class.o
/tmp/pear/temp/imagick/imagickdraw_class.c: In function 'zim_imagickdraw_setfillalpha':
/tmp/pear/temp/imagick/imagickdraw_class.c:398:2: warning: 'DrawSetFillAlpha' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:167) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagickdraw_class.c: In function 'zim_imagickdraw_setstrokealpha':
/tmp/pear/temp/imagick/imagickdraw_class.c:458:2: warning: 'DrawSetStrokeAlpha' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:168) [-Wdeprecated-declarations]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixel_class.c -o imagickpixel_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixel_class.c -fPIC -DPIC -o .libs/imagickpixel_class.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixeliterator_class.c -o imagickpixeliterator_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixeliterator_class.c -fPIC -DPIC -o .libs/imagickpixeliterator_class.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_helpers.c -o imagick_helpers.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_helpers.c -fPIC -DPIC -o .libs/imagick_helpers.o
/tmp/pear/temp/imagick/imagick_helpers.c: In function 'php_imagick_validate_map':
/tmp/pear/temp/imagick/imagick_helpers.c:149:12: warning: initialization discards 'const' qualifier from pointer target type [enabled by default]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick.c -o imagick.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick.c -fPIC -DPIC -o .libs/imagick.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=link cc -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -o imagick.la -export-dynamic -avoid-version -prefer-pic -module -rpath /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules imagick_file.lo imagick_class.lo imagickdraw_class.lo imagickpixel_class.lo imagickpixeliterator_class.lo imagick_helpers.lo imagick.lo -lMagickWand -lMagickCore
libtool: link: cc -shared -fPIC -DPIC .libs/imagick_file.o .libs/imagick_class.o .libs/imagickdraw_class.o .libs/imagickpixel_class.o .libs/imagickpixeliterator_class.o .libs/imagick_helpers.o .libs/imagick.o /usr/lib/x86_64-linux-gnu/libMagickWand.so /usr/lib/x86_64-linux-gnu/libMagickCore.so -O2 -fopenmp -pthread -Wl,-soname -Wl,imagick.so -o .libs/imagick.so
libtool: link: ( cd ".libs" && rm -f "imagick.la" && ln -s "../imagick.la" "imagick.la" )
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=install cp ./imagick.la /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
libtool: install: cp ./.libs/imagick.so /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules/imagick.so
libtool: install: cp ./.libs/imagick.lai /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules/imagick.la
libtool: finish: PATH="/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
----------------------------------------------------------------------
Libraries have been installed in:
/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
running: make INSTALL_ROOT="/tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2" install
Installing shared extensions: /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525/
Installing header files: /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/
running: find "/tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2" | xargs ls -dils
278621 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2
278655 4 drwxr-xr-x 4 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr
278659 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include
278660 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5
278661 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext
278662 4 drwxr-xr-x 2 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick
278664 28 -rw-r--r-- 1 root root 24972 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick_defs.h
278663 4 -rw-r--r-- 1 root root 2479 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick.h
278665 4 -rw-r--r-- 1 root root 1795 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick_shared.h
278656 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib
278657 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5
278658 4 drwxr-xr-x 2 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525
278654 1392 -rwxr-xr-x 1 root root 1419123 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525/imagick.so
Build process completed successfully
Installing '/usr/lib/php5/20100525/imagick.so'
Installing '/usr/include/php5/ext/imagick/php_imagick_defs.h'
Installing '/usr/include/php5/ext/imagick/php_imagick.h'
Installing '/usr/include/php5/ext/imagick/php_imagick_shared.h'
install ok: channel://pecl.php.net/imagick-3.1.0RC2
configuration option "php_ini" is not set to php.ini location
You should add "extension=imagick.so" to php.ini
==========
vi /etc/php5/fpm/conf.d/30-imagick.ini
-----/etc/php5/fpm/conf.d/30-imagick.ini-----
extension = imagick.so
----------
vi /etc/php5/fpm/php.ini
(at line 213 for me)
short_open_tag = Off
(at line 674 for me)
post_max_size = 12M
(at line 802 for me)
upload_max_filesize = 12M
(at line 1360 for me)
session.cookie_secure = 1
(at line 1391 for me)
session.cookie_httponly = 1
-----/etc/php5/fpm/php.ini-----
[PHP]
;;;;;;;;;;;;;;;;;;;
; About php.ini ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.
; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (C:\windows or C:\winnt)
; See the PHP docs for more specific information.
; http://php.net/configuration.file
; The syntax of the file is extremely simple. Whitespace and lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; Directives are variables used to configure PHP or PHP extensions.
; There is no name validation. If PHP can't find an expected
; directive because it is not set or is mistyped, a default value will be used.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
; previously set variable or directive (e.g. ${foo})
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; ^ bitwise XOR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
; foo = ; sets foo to an empty string
; foo = None ; sets foo to an empty string
; foo = "None" ; sets foo to the string 'None'
; If you use constants in your value, and these constants belong to a
; dynamically loaded extension (either a PHP extension or a Zend extension),
; you may only use these constants *after* the line that loads the extension.
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; PHP comes packaged with two INI files. One that is recommended to be used
; in production environments and one that is recommended to be used in
; development environments.
; php.ini-production contains settings which hold security, performance and
; best practices at its core. But please be aware, these settings may break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing environments.
; php.ini-development is very similar to its production variant, except it's
; much more verbose when it comes to errors. We recommending using the
; development version only in development environments as errors shown to
; application users can inadvertently leak otherwise secure information.
; This is php.ini-production INI file.
;;;;;;;;;;;;;;;;;;;
; Quick Reference ;
;;;;;;;;;;;;;;;;;;;
; The following are all the settings which are different in either the production
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to why
; we recommend these changes in PHP's behavior.
; display_errors
; Default Value: On
; Development Value: On
; Production Value: Off
; display_startup_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; error_reporting
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; html_errors
; Default Value: On
; Development Value: On
; Production value: On
; log_errors
; Default Value: Off
; Development Value: On
; Production Value: On
; max_input_time
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; output_buffering
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; register_argc_argv
; Default Value: On
; Development Value: Off
; Production Value: Off
; request_order
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; session.bug_compat_42
; Default Value: On
; Development Value: On
; Production Value: Off
; session.bug_compat_warn
; Default Value: On
; Development Value: On
; Production Value: Off
; session.gc_divisor
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
; short_open_tag
; Default Value: On
; Development Value: Off
; Production Value: Off
; track_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; url_rewriter.tags
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; variables_order
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS"
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
;user_ini.cache_ttl = 300
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
; http://php.net/engine
engine = On
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It's been
; recommended for several years that you not use the short tag "short cut" and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it's currently still
; supported for backwards compatibility, but we recommend you don't use them.
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/short-open-tag
short_open_tag = Off
; Allow ASP-style <% %> tags.
; http://php.net/asp-tags
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
; http://php.net/precision
precision = 14
; Output buffering is a mechanism for controlling how much output data
; (excluding headers and cookies) PHP should keep internally before pushing that
; data to the client. If your application's output exceeds this setting, PHP
; will send that data in chunks of roughly the size you specify.
; Turning on this setting and managing its maximum buffer size can yield some
; interesting side-effects depending on your application and web server.
; You may be able to send headers and cookies after you've already sent output
; through print or echo. You also may see performance benefits if your server is
; emitting less packets due to buffered output versus PHP streaming the output
; as it gets it. On production servers, 4096 bytes is a good setting for performance
; reasons.
; Note: Output buffering can also be controlled via Output Buffering Control
; functions.
; Possible Values:
; On = Enabled and buffer is unlimited. (Use with caution)
; Off = Disabled
; Integer = Enables the buffer and sets its maximum size in bytes.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; http://php.net/output-buffering
output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
; example, if you set output_handler to "mb_output_handler", character
; encoding will be transparently converted to the specified encoding.
; Setting any output handler automatically turns on output buffering.
; Note: People who wrote portable scripts should not depend on this ini
; directive. Instead, explicitly set the output handler using ob_start().
; Using this ini directive may cause problems unless you know what script
; is doing.
; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
; Note: output_handler must be empty if this is set 'On' !!!!
; Instead you must use zlib.output_handler.
; http://php.net/output-handler
;output_handler =
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
; outputs chunks that are few hundreds bytes each as a result of
; compression. If you prefer a larger chunk size for better
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
; http://php.net/zlib.output-compression
zlib.output_compression = Off
; http://php.net/zlib.output-compression-level
;zlib.output_compression_level = -1
; You cannot specify additional output handlers if zlib.output_compression
; is activated here. This setting does the same as output_handler but in
; a different order.
; http://php.net/zlib.output-handler
;zlib.output_handler =
; Implicit flush tells PHP to tell the output layer to flush itself
; automatically after every output block. This is equivalent to calling the
; PHP function flush() after each and every call to print() or echo() and each
; and every HTML block. Turning this option on has serious performance
; implications and is generally recommended for debugging purposes only.
; http://php.net/implicit-flush
; Note: This directive is hardcoded to On for the CLI SAPI
implicit_flush = Off
; The unserialize callback function will be called (with the undefined class'
; name as parameter), if the unserializer finds an undefined class
; which should be instantiated. A warning appears if the specified function is
; not defined, or if the function doesn't include/implement the missing class.
; So only set this entry, if you really want to implement such a
; callback-function.
unserialize_callback_func =
; When floats & doubles are serialized store serialize_precision significant
; digits after the floating point. The default value ensures that when floats
; are decoded with unserialize, the data will remain the same.
serialize_precision = 17
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/open-basedir
;open_basedir =
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-classes
disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
; http://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.default = #0000BB
;highlight.html = #000000
; If enabled, the request will be allowed to complete even if the user aborts
; the request. Consider enabling it if executing long requests, which may end up
; being interrupted by the user or a browser timing out. PHP's default behavior
; is to disable this feature.
; http://php.net/ignore-user-abort
;ignore_user_abort = On
; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
; http://php.net/realpath-cache-size
;realpath_cache_size = 16k
; Duration of time, in seconds for which to cache realpath information for a given
; file or directory. For systems with rarely changing files, consider increasing this
; value.
; http://php.net/realpath-cache-ttl
;realpath_cache_ttl = 120
; Enables or disables the circular reference collector.
; http://php.net/zend.enable-gc
zend.enable_gc = On
; If enabled, scripts may be written in encodings that are incompatible with
; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
; encodings. To use this feature, mbstring extension must be enabled.
; Default: Off
;zend.multibyte = Off
; Allows to set the default encoding for the scripts. This value will be used
; unless "declare(encoding=...)" directive appears at the top of the script.
; Only affects if zend.multibyte is set.
; Default: ""
;zend.script_encoding =
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 30
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; http://php.net/max-input-time
max_input_time = 60
; Maximum input variable nesting level
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
; max_input_vars = 1000
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This directive informs PHP of which errors, warnings and notices you would like
; it to take action for. The recommended way of setting values for this
; directive is through the use of the error level constants and bitwise
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
; those related to E_NOTICE and E_STRICT, which together cover best practices and
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn't be wasting
; resources complaining about best practices and coding standards. That's what
; development servers and development settings are for.
; Note: The php.ini-development file has this setting as E_ALL. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;
; Error Level Constants:
; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
; E_ERROR - fatal run-time errors
; E_RECOVERABLE_ERROR - almost fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result
; from a bug in your code, but it's possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it's automatically initialized to an
; empty string)
; E_STRICT - run-time notices, enable to have PHP suggest changes
; to your code which will ensure the best interoperability
; and forward compatibility of your code
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
; E_DEPRECATED - warn about code that will not work in future versions
; of PHP
; E_USER_DEPRECATED - user-generated deprecation warnings
;
; Common Values:
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; It's recommended that errors be logged on production servers rather than
; having the errors sent to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. But, it's strongly recommended that you
; leave this setting off on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
; server-specific log, STDERR, or a location specified by the error_log
; directive found below. While errors should not be displayed on productions
; servers they should still be monitored and logging is a great way to do that.
; Default Value: Off
; Development Value: On
; Production Value: On
; http://php.net/log-errors
log_errors = On
; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
; http://php.net/log-errors-max-len
log_errors_max_len = 1024
; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
; http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
; http://php.net/ignore-repeated-source
ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This has only effect in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
; http://php.net/report-memleaks
report_memleaks = On
; This setting is on by default.
;report_zend_debug = 0
; Store the last error/warning message in $php_errormsg (boolean). Setting this value
; to On can assist in debugging and is appropriate for development servers. It should
; however be disabled on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/track-errors
track_errors = Off
; Turn off normal error reporting and emit XML-RPC error XML
; http://php.net/xmlrpc-errors
;xmlrpc_errors = 0
; An XML-RPC faultCode
;xmlrpc_error_number = 0
; When PHP displays or logs an error, it has the capability of formatting the
; error message as HTML for easier reading. This directive controls whether
; the error message is formatted as HTML or not.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: On
; Development Value: On
; Production value: On
; http://php.net/html-errors
html_errors = On
; If html_errors is set to On *and* docref_root is not empty, then PHP
; produces clickable error messages that direct to a page describing the error
; or function causing the error in detail.
; You can download a copy of the PHP manual from http://php.net/docs
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot. PHP's default behavior is to leave these settings empty, in which
; case no links to documentation are generated.
; Note: Never use this feature for production boxes.
; http://php.net/docref-root
; Examples
;docref_root = "/phpmanual/"
; http://php.net/docref-ext
;docref_ext = .html
; String to output before an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-prepend-string
; Example:
;error_prepend_string = "<span style='color: #ff0000'>"
; String to output after an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-append-string
; Example:
;error_append_string = "</span>"
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; http://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
;error_log = syslog
;windows.show_crt_warning
; Default value: 0
; Development value: 0
; Production value: 0
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; The separator used in PHP generated URLs to separate arguments.
; PHP's default setting is "&".
; http://php.net/arg-separator.output
; Example:
;arg_separator.output = "&amp;"
; List of separator(s) used by PHP to parse input URLs into variables.
; PHP's default setting is "&".
; NOTE: Every character in this directive is considered as separator!
; http://php.net/arg-separator.input
; Example:
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. G,P,C,E & S are abbreviations for the following respective super
; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
; paid for the registration of these arrays and because ENV is not as commonly
; used as the others, ENV is not recommended on productions servers. You
; can still get access to the environment variables through getenv() should you
; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/variables-order
variables_order = "GPCS"
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
request_order = "GP"
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; that were passed when the script was invoked. These arrays are extremely
; useful when running scripts from the command line. When this directive is
; enabled, registering these variables consumes CPU cycles and memory each time
; a script is executed. For performance reasons, this feature should be disabled
; on production servers.
; Note: This directive is hardcoded to On for the CLI SAPI
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/register-argc-argv
register_argc_argv = Off
; When enabled, the ENV, REQUEST and SERVER variables are created when they're
; first used (Just In Time) instead of when the script starts. If these
; variables are not used within a script, having this directive on will result
; in a performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
; Whether PHP will read the POST data.
; This option is enabled by default.
; Most likely, you won't want to disable this option globally. It causes $_POST
; and $_FILES to always be empty; the only way you will be able to read the
; POST data will be through the php://input stream wrapper. This can be useful
; to proxy requests or to process the POST data in a memory efficient fashion.
; http://php.net/enable-post-data-reading
;enable_post_data_reading = Off
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 12M
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file =
; Automatically add files after PHP document.
; http://php.net/auto-append-file
auto_append_file =
; By default, PHP will output a character encoding using
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
;
; PHP's built-in default is text/html
; http://php.net/default-mimetype
default_mimetype = "text/html"
; PHP's default character set is set to empty.
; http://php.net/default-charset
;default_charset = "UTF-8"
; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
; to disable this feature. If post reading is disabled through
; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
; http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = On
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
;include_path = ".:/usr/share/php"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path
; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
; http://php.net/doc-root
doc_root =
; The directory under which PHP opens the script using /~username used only
; if nonempty.
; http://php.net/user-dir
user_dir =
; Directory in which the loadable extensions (modules) reside.
; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
; http://php.net/enable-dl
enable_dl = Off
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; http://php.net/cgi.force-redirect
;cgi.force_redirect = 1
; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
; every request. PHP's default behavior is to disable this feature.
;cgi.nph = 1
; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
; http://php.net/cgi.redirect-status-env
;cgi.redirect_status_env = ;
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
; http://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1;
; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
;fastcgi.logging = 0
; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
; is supported by Apache. When this option is set to 1 PHP will send
; RFC2616 compliant header.
; Default is zero.
; http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 12M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = Off
; Define the anonymous ftp password (your email address). PHP's default setting
; for this is empty.
; http://php.net/from
;from="john@doe.com"
; Define the User-Agent string. PHP's default setting for this is empty.
; http://php.net/user-agent
;user_agent="PHP"
; Default timeout for socket based streams (seconds)
; http://php.net/default-socket-timeout
default_socket_timeout = 60
; If your scripts have to deal with files from Macintosh systems,
; or you are running on a Mac and need to deal with files from
; unix or win32 systems, setting this flag will cause PHP to
; automatically detect the EOL character in those files so that
; fgets() and file() will work regardless of the source of the file.
; http://php.net/auto-detect-line-endings
;auto_detect_line_endings = Off
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; If you wish to have an extension loaded automatically, use the following
; syntax:
;
; extension=modulename.extension
;
; For example, on Windows:
;
; extension=msql.dll
;
; ... or under UNIX:
;
; extension=msql.so
;
; ... or with a path:
;
; extension=/path/to/extension/msql.so
;
; If you only provide the name of the extension, PHP will look for it in its
; default extension directory.
;
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
; http://php.net/date.default-latitude
;date.default_latitude = 31.7667
; http://php.net/date.default-longitude
;date.default_longitude = 35.2333
; http://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.583333
; http://php.net/date.sunset-zenith
;date.sunset_zenith = 90.583333
[filter]
; http://php.net/filter.default
;filter.default = unsafe_raw
; http://php.net/filter.default-flags
;filter.default_flags =
[iconv]
;iconv.input_encoding = ISO-8859-1
;iconv.internal_encoding = ISO-8859-1
;iconv.output_encoding = ISO-8859-1
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
; happens within intl functions. The value is the level of the error produced.
; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING
[sqlite]
; http://php.net/sqlite.assoc-case
;sqlite.assoc_case = 0
[sqlite3]
;sqlite3.extension_dir =
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
;pcre.backtrack_limit=100000
;PCRE library recursion limit.
;Please note that if you set this value to a high number you may consume all
;the available process stack and eventually crash PHP (due to reaching the
;stack size limit imposed by the Operating System).
; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling
;pdo_odbc.connection_pooling=strict
;pdo_odbc.db2_instance_name
[Pdo_mysql]
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/pdo_mysql.cache_size
pdo_mysql.cache_size = 2000
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/pdo_mysql.default-socket
pdo_mysql.default_socket=
[Phar]
; http://php.net/phar.readonly
;phar.readonly = On
; http://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list =
[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25
; For Win32 only.
; http://php.net/sendmail-from
;sendmail_from = me@example.com
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
;sendmail_path =
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = On
; The path to a log file that will log all mail() calls. Log entries include
; the full path of the script, line number, To address and headers.
;mail.log =
[SQL]
; http://php.net/sql.safe-mode
sql.safe_mode = Off
[ODBC]
; http://php.net/odbc.default-db
;odbc.default_db = Not yet implemented
; http://php.net/odbc.default-user
;odbc.default_user = Not yet implemented
; http://php.net/odbc.default-pw
;odbc.default_pw = Not yet implemented
; Controls the ODBC cursor model.
; Default: SQL_CURSOR_STATIC (default).
;odbc.default_cursortype
; Allow or prevent persistent links.
; http://php.net/odbc.allow-persistent
odbc.allow_persistent = On
; Check that a connection is still valid before reuse.
; http://php.net/odbc.check-persistent
odbc.check_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/odbc.max-persistent
odbc.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/odbc.max-links
odbc.max_links = -1
; Handling of LONG fields. Returns number of bytes to variables. 0 means
; passthru.
; http://php.net/odbc.defaultlrl
odbc.defaultlrl = 4096
; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
; of odbc.defaultlrl and odbc.defaultbinmode
; http://php.net/odbc.defaultbinmode
odbc.defaultbinmode = 1
;birdstep.max_links = -1
[Interbase]
; Allow or prevent persistent links.
ibase.allow_persistent = 1
; Maximum number of persistent links. -1 means no limit.
ibase.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
ibase.max_links = -1
; Default database name for ibase_connect().
;ibase.default_db =
; Default username for ibase_connect().
;ibase.default_user =
; Default password for ibase_connect().
;ibase.default_password =
; Default charset for ibase_connect().
;ibase.default_charset =
; Default timestamp format.
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
; Default date format.
ibase.dateformat = "%Y-%m-%d"
; Default time format.
ibase.timeformat = "%H:%M:%S"
[MySQL]
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysql.allow_local_infile
mysql.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysql.allow-persistent
mysql.allow_persistent = On
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysql.cache_size
mysql.cache_size = 2000
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysql.max-persistent
mysql.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/mysql.max-links
mysql.max_links = -1
; Default port number for mysql_connect(). If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysql.default-port
mysql.default_port =
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysql.default-socket
mysql.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-host
mysql.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-user
mysql.default_user =
; Default password for mysql_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysql.default-password
mysql.default_password =
; Maximum time (in seconds) for connect timeout. -1 means no limit
; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
; http://php.net/mysql.trace-mode
mysql.trace_mode = Off
[MySQLi]
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysqli.max-persistent
mysqli.max_persistent = -1
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysqli.allow_local_infile
;mysqli.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysqli.allow-persistent
mysqli.allow_persistent = On
; Maximum number of links. -1 means no limit.
; http://php.net/mysqli.max-links
mysqli.max_links = -1
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysqli.cache_size
mysqli.cache_size = 2000
; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysqli.default-port
mysqli.default_port = 3306
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysqli.default-socket
mysqli.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-host
mysqli.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-user
mysqli.default_user =
; Default password for mysqli_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysqli.default-pw
mysqli.default_pw =
; Allow or prevent reconnect
mysqli.reconnect = Off
[mysqlnd]
; Enable / Disable collection of general statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_statistics
mysqlnd.collect_statistics = On
; Enable / Disable collection of memory usage statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_memory_statistics
mysqlnd.collect_memory_statistics = Off
; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
; http://php.net/mysqlnd.net_cmd_buffer_size
;mysqlnd.net_cmd_buffer_size = 2048
; Size of a pre-allocated buffer used for reading data sent by the server in
; bytes.
; http://php.net/mysqlnd.net_read_buffer_size
;mysqlnd.net_read_buffer_size = 32768
[OCI8]
; Connection: Enables privileged connections using external
; credentials (OCI_SYSOPER, OCI_SYSDBA)
; http://php.net/oci8.privileged-connect
;oci8.privileged_connect = Off
; Connection: The maximum number of persistent OCI8 connections per
; process. Using -1 means no limit.
; http://php.net/oci8.max-persistent
;oci8.max_persistent = -1
; Connection: The maximum number of seconds a process is allowed to
; maintain an idle persistent connection. Using -1 means idle
; persistent connections will be maintained forever.
; http://php.net/oci8.persistent-timeout
;oci8.persistent_timeout = -1
; Connection: The number of seconds that must pass before issuing a
; ping during oci_pconnect() to check the connection validity. When
; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
; pings completely.
; http://php.net/oci8.ping-interval
;oci8.ping_interval = 60
; Connection: Set this to a user chosen connection class to be used
; for all pooled server requests with Oracle 11g Database Resident
; Connection Pooling (DRCP). To use DRCP, this value should be set to
; the same string for all web servers running the same application,
; the database pool must be configured, and the connection string must
; specify to use a pooled server.
;oci8.connection_class =
; High Availability: Using On lets PHP receive Fast Application
; Notification (FAN) events generated when a database node fails. The
; database must also be configured to post FAN events.
;oci8.events = Off
; Tuning: This option enables statement caching, and specifies how
; many statements to cache. Using 0 disables statement caching.
; http://php.net/oci8.statement-cache-size
;oci8.statement_cache_size = 20
; Tuning: Enables statement prefetching and sets the default number of
; rows that will be fetched automatically after statement execution.
; http://php.net/oci8.default-prefetch
;oci8.default_prefetch = 100
; Compatibility. Using On means oci_close() will not close
; oci_connect() and oci_new_connect() connections.
; http://php.net/oci8.old-oci-close-semantics
;oci8.old_oci_close_semantics = Off
[PostgreSQL]
; Allow or prevent persistent links.
; http://php.net/pgsql.allow-persistent
pgsql.allow_persistent = On
; Detect broken persistent links always with pg_pconnect().
; Auto reset feature requires a little overheads.
; http://php.net/pgsql.auto-reset-persistent
pgsql.auto_reset_persistent = Off
; Maximum number of persistent links. -1 means no limit.
; http://php.net/pgsql.max-persistent
pgsql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
; http://php.net/pgsql.max-links
pgsql.max_links = -1
; Ignore PostgreSQL backends Notice message or not.
; Notice message logging require a little overheads.
; http://php.net/pgsql.ignore-notice
pgsql.ignore_notice = 0
; Log PostgreSQL backends Notice message or not.
; Unless pgsql.ignore_notice=0, module cannot log notice message.
; http://php.net/pgsql.log-notice
pgsql.log_notice = 0
[Sybase-CT]
; Allow or prevent persistent links.
; http://php.net/sybct.allow-persistent
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/sybct.max-persistent
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/sybct.max-links
sybct.max_links = -1
; Minimum server message severity to display.
; http://php.net/sybct.min-server-severity
sybct.min_server_severity = 10
; Minimum client message severity to display.
; http://php.net/sybct.min-client-severity
sybct.min_client_severity = 10
; Set per-context timeout
; http://php.net/sybct.timeout
;sybct.timeout=
;sybct.packet_size
; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
; Default: one minute
;sybct.login_timeout=
; The name of the host you claim to be connecting from, for display by sp_who.
; Default: none
;sybct.hostname=
; Allows you to define how often deadlocks are to be retried. -1 means "forever".
; Default: 0
;sybct.deadlock_retry_count=
[bcmath]
; Number of decimal digits for all bcmath functions.
; http://php.net/bcmath.scale
bcmath.scale = 0
[browscap]
; http://php.net/browscap
;browscap = extra/browscap.ini
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; The path can be defined as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
;session.save_path = "/var/lib/php5"
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; http://php.net/session.cookie-secure
session.cookie_secure = 1
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly = 1
; Handler used to serialize data. php is the standard serializer of PHP.
; http://php.net/session.serialize-handler
session.serialize_handler = php
; Defines the probability that the 'garbage collection' process is started
; on every session initialization. The probability is calculated by using
; gc_probability/gc_divisor. Where session.gc_probability is the numerator
; and gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request.
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.gc-probability
session.gc_probability = 0
; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 1440
; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; find /path/to/sessions -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope.
; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's
; recommended that you do not use this feature on production servers. But you
; should enable this on development servers and enable the warning as well. If you
; do not enable the feature on development servers, you won't be warned when it's
; used and debugging errors caused by this can be difficult to track down.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-42
session.bug_compat_42 = Off
; This setting controls whether or not you are warned by PHP when initializing a
; session value into the global space. session.bug_compat_42 must be enabled before
; these warnings can be issued by PHP. See the directive above for more information.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-warn
session.bug_compat_warn = Off
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
; http://php.net/session.referer-check
session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
; Defaults to /dev/urandom
; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
; If neither are found at compile time, the default is no entropy file.
; On windows, setting the entropy_length setting will activate the
; Windows random source (using the CryptoAPI)
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
session.cache_limiter = nocache
; Document expires after n minutes.
; http://php.net/session.cache-expire
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publicly accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
; http://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
session.hash_function = 0
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; http://php.net/session.hash-bits-per-character
session.hash_bits_per_character = 5
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://php.net/url-rewriter.tags
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
; Enable upload progress tracking in $_SESSION
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.enabled
;session.upload_progress.enabled = On
; Cleanup the progress information as soon as all POST data has been read
; (i.e. upload completed).
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.cleanup
;session.upload_progress.cleanup = On
; A prefix used for the upload progress key in $_SESSION
; Default Value: "upload_progress_"
; Development Value: "upload_progress_"
; Production Value: "upload_progress_"
; http://php.net/session.upload-progress.prefix
;session.upload_progress.prefix = "upload_progress_"
; The index name (concatenated with the prefix) in $_SESSION
; containing the upload progress information
; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
; http://php.net/session.upload-progress.name
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
; How frequently the upload progress should be updated.
; Given either in percentages (per-file), or in bytes
; Default Value: "1%"
; Development Value: "1%"
; Production Value: "1%"
; http://php.net/session.upload-progress.freq
;session.upload_progress.freq = "1%"
; The minimum delay between updates, in seconds
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1"
[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
mssql.compatability_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
; Query timeout
;mssql.timeout = 60
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each batch. 0 = all records in one batch.
;mssql.batchsize = 0
; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On
; Use NT authentication when connecting to the server
mssql.secure_connection = Off
; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1
; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"
[Assertion]
; Assert(expr); active by default.
; http://php.net/assert.active
;assert.active = On
; Issue a PHP warning for each failed assertion.
; http://php.net/assert.warning
;assert.warning = On
; Don't bail out by default.
; http://php.net/assert.bail
;assert.bail = Off
; User-function to be called if an assertion fails.
; http://php.net/assert.callback
;assert.callback = 0
; Eval the expression with current error_reporting(). Set to true if you want
; error_reporting(0) around the eval().
; http://php.net/assert.quiet-eval
;assert.quiet_eval = 0
[COM]
; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
; http://php.net/com.typelib-file
;com.typelib_file =
; allow Distributed-COM calls
; http://php.net/com.allow-dcom
;com.allow_dcom = true
; autoregister constants of a components typlib on com_load()
; http://php.net/com.autoregister-typelib
;com.autoregister_typelib = true
; register constants casesensitive
; http://php.net/com.autoregister-casesensitive
;com.autoregister_casesensitive = false
; show warnings on duplicate constant registrations
; http://php.net/com.autoregister-verbose
;com.autoregister_verbose = true
; The default character set code-page to use when passing strings to and from COM objects.
; Default: system ANSI code page
;com.code_page=
[mbstring]
; language for internal character representation.
; http://php.net/mbstring.language
;mbstring.language = Japanese
; internal/script encoding.
; Some encoding cannot work as internal encoding.
; (e.g. SJIS, BIG5, ISO-2022-*)
; http://php.net/mbstring.internal-encoding
;mbstring.internal_encoding = EUC-JP
; http input encoding.
; http://php.net/mbstring.http-input
;mbstring.http_input = auto
; http output encoding. mb_output_handler must be
; registered as output buffer to function
; http://php.net/mbstring.http-output
;mbstring.http_output = SJIS
; enable automatic encoding translation according to
; mbstring.internal_encoding setting. Input chars are
; converted to internal encoding by setting this to On.
; Note: Do _not_ use automatic encoding translation for
; portable libs/applications.
; http://php.net/mbstring.encoding-translation
;mbstring.encoding_translation = Off
; automatic encoding detection order.
; auto means
; http://php.net/mbstring.detect-order
;mbstring.detect_order = auto
; substitute_character used when character cannot be converted
; one from another
; http://php.net/mbstring.substitute-character
;mbstring.substitute_character = none;
; overload(replace) single byte functions by mbstring functions.
; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
; etc. Possible values are 0,1,2,4 or combination of them.
; For example, 7 for overload everything.
; 0: No overload
; 1: Overload mail() function
; 2: Overload str*() functions
; 4: Overload ereg*() functions
; http://php.net/mbstring.func-overload
;mbstring.func_overload = 0
; enable strict encoding detection.
;mbstring.strict_detection = Off
; This directive specifies the regex pattern of content types for which mb_output_handler()
; is activated.
; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
;mbstring.http_output_conv_mimetype=
[gd]
; Tell the jpeg decode to ignore warnings and try to create
; a gd image. The warning will then be displayed as notices
; disabled by default
; http://php.net/gd.jpeg-ignore-warning
;gd.jpeg_ignore_warning = 0
[exif]
; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
; With mbstring support this will automatically be converted into the encoding
; given by corresponding encode setting. When empty mbstring.internal_encoding
; is used. For the decode settings you can distinguish between motorola and
; intel byte order. A decode setting cannot be empty.
; http://php.net/exif.encode-unicode
;exif.encode_unicode = ISO-8859-15
; http://php.net/exif.decode-unicode-motorola
;exif.decode_unicode_motorola = UCS-2BE
; http://php.net/exif.decode-unicode-intel
;exif.decode_unicode_intel = UCS-2LE
; http://php.net/exif.encode-jis
;exif.encode_jis =
; http://php.net/exif.decode-jis-motorola
;exif.decode_jis_motorola = JIS
; http://php.net/exif.decode-jis-intel
;exif.decode_jis_intel = JIS
[Tidy]
; The path to a default tidy configuration file to use when using tidy
; http://php.net/tidy.default-config
;tidy.default_config = /usr/local/lib/php/default.tcfg
; Should tidy clean and repair output automatically?
; WARNING: Do not use this option if you are generating non-html content
; such as dynamic images
; http://php.net/tidy.clean-output
tidy.clean_output = Off
[soap]
; Enables or disables WSDL caching feature.
; http://php.net/soap.wsdl-cache-enabled
soap.wsdl_cache_enabled=1
; Sets the directory name where SOAP extension will put cache files.
; http://php.net/soap.wsdl-cache-dir
soap.wsdl_cache_dir="/tmp"
; (time to live) Sets the number of second while cached file will be used
; instead of original one.
; http://php.net/soap.wsdl-cache-ttl
soap.wsdl_cache_ttl=86400
; Sets the size of the cache limit. (Max. number of WSDL files to cache)
soap.wsdl_cache_limit = 5
[sysvshm]
; A default size of the shared memory segment
;sysvshm.init_mem = 10000
[ldap]
; Sets the maximum number of open links or -1 for unlimited.
ldap.max_links = -1
[mcrypt]
; For more information about mcrypt settings see http://php.net/mcrypt-module-open
; Directory where to load mcrypt algorithms
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.algorithms_dir=
; Directory where to load mcrypt modes
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.modes_dir=
[dba]
;dba.default_handler=
; Local Variables:
; tab-width: 4
; End:
----------
Install MySQL
apt-get install mysql-server mysql-client php5-mysql
a dialog pops up for you to set a password on the root mysql user
a second dialog will pop up to confirm there were no typos or give you the opportunity to enter identical typos which is another way to look at it.
mysql_secure_installation
=====Script Output=====
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
==========
mysql -uroot -p
USE mysql
A common vector is to attack the MySQL root user since it is the default omipotent user put on almost all MySQL installs.
So, give your 'root' user a different name. (Is admin more secure than root, meh. Yeah, I guess.)
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'127.0.0.1' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'::1' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
CREATE USER 'backup'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, SHOW VIEW, RELOAD, REPLICATION CLIENT, EVENT, TRIGGER ON *.* TO 'backup'@'localhost';
FLUSH PRIVILEGES;
EXIT
!!!!!NOTE!!!!!
So, the debian-sys-maint user is used by a lot of stuff. And it would serve to break more than I can justify it saves. I fundamentally disagree with the debian-sys-maint user, but that is the mumblings of a first class nobody-significant.
Do nothing with the debian-sys-maint user. :(
!!!!!!!!!!
vi /etc/mysql/debian-start
This is my /etc/mysql/debian-start file
-----/etc/mysql/debian-start-----
#!/bin/bash
#
# This script is executed by "/etc/init.d/mysql" on every (re)start.
#
# Changes to this file will be preserved when updating the Debian package.
#
source /usr/share/mysql/debian-start.inc.sh
MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf"
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf"
MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf"
MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables"
MYCHECK_PARAMS="--all-databases --fast --silent"
MYCHECK_RCPT="root"
# The following commands should be run when the server is up but in background
# where they do not block the server start and in one shell instance so that
# they run sequentially. They are supposed not to echo anything to stdout.
# If you want to disable the check for crashed tables comment
# "check_for_crashed_tables" out.
# (There may be no output to stdout inside the background process!)
#echo "Checking for tables which need an upgrade, are corrupt or were "
#echo "not closed cleanly."
#(
# upgrade_system_tables_if_necessary;
# check_root_accounts;
# check_for_crashed_tables;
#) >&2 &
exit 0
----------
Let's set up the ports.conf file for the httpd directives and the default site virtual host directives
vi /etc/apache2/ports.conf
-----/etc/apache2/ports.conf-----
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
----------
set up the default virtual host configurations
specifically the virtualhosts for the default & default-ssl virtualhosts, the webroot locations, the log locations, and the ssl settings.
vi /etc/apache2/sites-available/default
-----/etc/apache2/sites-available/default-----
<VirtualHost _default_:80>
DocumentRoot /var/www/http
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/default-file -socket /var/www/.sockets/default.sock -user www-data -group www-data
Alias /fcgi-bin /tmp/default-file
LogLevel warn
ErrorLog /var/www/logs/error.log
CustomLog /var/www/logs/access.log combined
</VirtualHost>
----------
vi /etc/apache2/sites-available/default-ssl
-----/etc/apache2/sites-available/default-ssl-----
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/https
<Directory /var/www/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/default-ssl-imaginary-file -socket /var/www/.sockets/default.sock -user www-data -group www-data
Alias /fcgi-bin /tmp/default-ssl-imaginary-file
LogLevel warn
ErrorLog /var/www/logs/error-ssl.log
CustomLog /var/www/logs/access-ssl.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /var/www/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /var/www/certs/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
# Require valid-user
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Order Deny,Allow
Deny from All
</Directory>
</VirtualHost>
</IfModule>
----------
create the file system directory structure specified in the configuration files
mkdir /var/www/http /var/www/https /var/www/certs /var/www/logs /var/www/tmp /var/www/.sockets /var/www/fonts
cp -R /usr/share/fonts/* /var/www/fonts
chown -R www-data:www-data /var/www/
chmod -R 770 /var/www
find /var/www -type d -exec chmod 771 {} \;
chmod -R ug+s /var/www
optionally move or delete the default web page created upon installation
rm /var/www/index.html
apt-get install phpmyadmin
hit the space key to select apache2
then hit <tab> and <enter>
configure database with dbconfig-common?
I hit <enter> to select Yes
next you will be asked for the mysql 'root' user password
after that you will be asked for a password to use with phpmyadmin
and lastly you will be asked to enter that phpmyadmin password again to verify that password
fix the phpmyadmin configurations
!!!!!NOTE!!!!!
/etc/phpmyadmin/config-db.php
-based upon settings in /etc/dbconfig-common/phpmyadmin.config
-this file is automatically generated and defines the database user and database name phpmyadmin will use
/etc/dbconfig-common/phpmyadmin.conf
-supplies the username and password for /etc/phpmyadmin/config-db.php during a scripted install
!!!!!!!!!!
vi /etc/dbconfig-common/phpmyadmin.conf
(line 50)
dbc_dbadmin='admin'
-----/etc/dbconfig-common/phpmyadmin.conf-----
# automatically generated by the maintainer scripts of phpmyadmin
# any changes you make will be preserved, though your comments
# will be lost! to change your settings you should edit this
# file and then run "dpkg-reconfigure phpmyadmin"
# dbc_install: configure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_install='true'
# dbc_upgrade: upgrade database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_upgrade='true'
# dbc_remove: deconfigure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_remove=''
# dbc_dbtype: type of underlying database to use
# this exists primarily to let dbconfig-common know what database
# type to use when a package supports multiple database types.
# don't change this value unless you know for certain that this
# package supports multiple database types
dbc_dbtype='mysql'
# dbc_dbuser: database user
# the name of the user who we will use to connect to the database.
dbc_dbuser='phpmyadmin'
# dbc_dbpass: database user password
# the password to use with the above username when connecting
# to a database, if one is required
dbc_dbpass='pwork'
# dbc_dbserver: database host.
# leave unset to use localhost (or a more efficient local method
# if it exists).
dbc_dbserver=''
# dbc_dbport: remote database port
# leave unset to use the default. only applicable if you are
# using a remote database.
dbc_dbport=''
# dbc_dbname: name of database
# this is the name of your application's database.
dbc_dbname='phpmyadmin'
# dbc_dbadmin: name of the administrative user
# this is the administrative user that is used to create all of the above
dbc_dbadmin='admin'
# dbc_basepath: base directory to hold database files
# leave unset to use the default. only applicable if you are
# using a local (filesystem based) database.
dbc_basepath=''
##
## postgresql specific settings. if you don't use postgresql,
## you can safely ignore all of these
##
# dbc_ssl: should we require ssl?
# set to "true" to require that connections use ssl
dbc_ssl=''
# dbc_authmethod_admin: authentication method for admin
# dbc_authmethod_user: authentication method for dbuser
# see the section titled "AUTHENTICATION METHODS" in
# /usr/share/doc/dbconfig-common/README.pgsql for more info
dbc_authmethod_admin=''
dbc_authmethod_user=''
##
## end postgresql specific settings
##
----------
-these following directives, I move into the virtual host configuration(s) of my choosing, which in this case is the system default-ssl configuration
my /etc/phpmyadmin/apache.conf is effectively blank when I am done with adding comment symbols for the moved directives
the directives are relocated into the machine's default ssh directives as above
vi /etc/phpmyadmin/apache.conf
-----/etc/phpmyadmin/apache.conf-----
# phpMyAdmin default Apache configuration
#Alias /phpmyadmin /usr/share/phpmyadmin
#<Directory /usr/share/phpmyadmin>
# Options FollowSymLinks
# DirectoryIndex index.php
# <IfModule mod_php5.c>
# AddType application/x-httpd-php .php
# php_flag magic_quotes_gpc Off
# php_flag track_vars On
# php_flag register_globals Off
# php_admin_flag allow_url_fopen Off
# php_value include_path .
# php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
# php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
# </IfModule>
#</Directory>
# Authorize for setup
#<Directory /usr/share/phpmyadmin/setup>
# <IfModule mod_authn_file.c>
# AuthType Basic
# AuthName "phpMyAdmin Setup"
# AuthUserFile /etc/phpmyadmin/htpasswd.setup
# </IfModule>
# Require valid-user
#</Directory>
# Disallow web access to directories that don't need it
#<Directory /usr/share/phpmyadmin/libraries>
# Order Deny,Allow
# Deny from All
#</Directory>
#<Directory /usr/share/phpmyadmin/setup/lib>
# Order Deny,Allow
# Deny from All
#</Directory>
----------
This section is just for machines that will use self-signed SSL certificates-- which this tutorial is.
For a better no cost alternative at this time, visit StartSSL.com for a free Class 1 SSL certificate. --and if you see fit, buy something better than a Class 1 certificate from those good people.
make a backup of the default openssl settings
cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf~
edit the /etc/ssl/openssl.cnf
(line 73)
default_days = 3650 # how long to certify for
(line 74)
default_crl_days= 3650 # how long before next CRL
(line 129)
countryName_default = US
(line 133)
stateOrProvinceName_default = Ohio
(line 139)
0.organizationName_default = The Rust Belt Rebellion
(line 146)
organizationalUnitName_default = Web Hosting
-----/etc/ssl/openssl.cnf-----
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 3650 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ohio
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Rust Belt Rebellion
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Web Hosting
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
----------
cd /var/www/certs
openssl req -new -x509 -extensions v3_ca -keyout ssl-cert-snakeoil.key -out ssl-cert-snakeoil.pem -days 3650 -config /etc/ssl/openssl.cnf
=====Command Output=====
Generating a 2048 bit RSA private key
................................................................+++
...................................................+++
writing new private key to 'ssl-cert-snakeoil.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Ohio]:
Locality Name (eg, city) []:Eastlake
Organization Name (eg, company) [Rust Belt Rebellion]:
Organizational Unit Name (eg, section) []:Web Hosting
Common Name (e.g. server FQDN or YOUR name) []:rustbeltrebellion.com
Email Address []:bradchesney79@gmail.com
==========
remove the passphrase
mv /var/www/certs/ssl-cert-snakeoil.key /var/www/certs/ssl-cert-snakeoil.key~
openssl rsa -in /var/www/certs/ssl-cert-snakeoil.key~ -out /var/www/certs/ssl-cert-snakeoil.key
=====Command Output=====
enter the pass phrase
passphrase<ENTER>
==========
service apache2 restart
/usr/sbin/pma-configure
navigate to https://{host}/phpmyadmin/setup in your browser
Setup the server and click the save buttons everywhere.
Click save in the tabs.
And when you think you are done, click save in the Overview.
!!!!!NOTE!!!!!
Those settings will be saved into:
/var/lib/phpmyadmin/config.inc.php
-empty upon a stock wheezy install
-https://host/phpmyadmin/setup is able to write to this file after running the /usr/sbin/pma-configure script.
-----/var/lib/phpmyadmin/config.inc.php-----
<?php
/*
* Generated configuration file
* Generated by: phpMyAdmin 3.4.11.1deb1 setup script
* Date: Thu, 03 Jan 2013 19:03:00 +0000
*/
/* Servers configuration */
$i = 0;
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['compress'] = true;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['pmadb'] = 'pmadb';
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
$cfg['Servers'][$i]['controlpass'] = 'pwork';
$cfg['Servers'][$i]['tracking_version_auto_create'] = true;
/* End of servers configuration */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['DefaultLang'] = 'en';
$cfg['ForceSSL'] = true;
$cfg['AllowUserDropDatabase'] = true;
$cfg['blowfish_secret'] = '50e48846ed2642.34479138';
$cfg['ServerDefault'] = 1;
?>
----------
There are settings dropped into /etc/phpmyadmin/config.inc.php automatically, notably all the table names for phpmyadmin and a few others.
You can look through it if you want, no changes will be made.
vi /etc/phpmyadmin/config.inc.php
Likewise for /usr/share/phpmyadmin/config.inc.php
this is the last bastion that phpmyadmin looks at for it's configuration-- this is where the things you want to have set need to be (so they overwrite undesirable settings) or be missing (so the preferred settings set elsewhere are not overwritten).
Again, you can look through it if you want, no changes will be made.
vi /usr/share/phpmyadmin/config.inc.php
/var/lib/phpmyadmin/blowfish_secret.inc.php
-just make sure the secret in here is the same as in all the other something.inc.php files if you have blowfish_secret problems.
!!!!!!!!!
/usr/sbin/pma-secure
!!!!!NOTE!!!!!
delete the phpmyadmin config directory-- you are done configuring via wide swaths, it is just fine tuning that can be done in a text editor by sysadmins now.
Meh, I'll figure out where this thing is later.
!!!!!!!!!!
mysql -uadmin -p
DELETE FROM mysql.user WHERE User='root';
FLUSH PRIVILEGES;
EXIT
install git version control
apt-get install git
install better system administration auditing tools
apt-get install auditd
install and configure selinux (the same level of security DoD requires for many government machines)
apt-get install selinux-basics
=====Command Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
cpp-4.4 cups-driver-gutenprint foomatic-filters-ppds libbluetooth3 libfont-freetype-perl
libgmp3c2 libgs8 libjpeg62 libnl1 libpoppler5 libsysfs2 libxcb-render-util0 libxfont1
min12xxw pnm2ppa xfonts-encodings xfonts-utils xli
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
bwidget checkpolicy libapol4 libaudit0 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1
libdrm2 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libqpol1 libsetools-tcl libutempter0
libx11-xcb1 libxcb-glx0 libxcb-shape0 libxss1 libxtst6 libxv1 libxxf86dga1 policycoreutils
python-ipy python-selinux python-semanage python-sepolgen python-setools
selinux-policy-default selinux-utils setools tcl tcl8.5 tk tk8.5 x11-utils xbitmaps xterm
Suggested packages:
libglide3 selinux-policy-dev logcheck syslog-summary tcl-tclreadline mesa-utils
xfonts-cyrillic
The following NEW packages will be installed:
bwidget checkpolicy libapol4 libaudit0 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1
libdrm2 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libqpol1 libsetools-tcl libutempter0
libx11-xcb1 libxcb-glx0 libxcb-shape0 libxss1 libxtst6 libxv1 libxxf86dga1 policycoreutils
python-ipy python-selinux python-semanage python-sepolgen python-setools selinux-basics
selinux-policy-default selinux-utils setools tcl tcl8.5 tk tk8.5 x11-utils xbitmaps xterm
0 upgraded, 38 newly installed, 0 to remove and 0 not upgraded.
Need to get 36.9 MB of archives.
After this operation, 171 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ftp.debian.org/debian/ testing/main libqpol1 amd64 3.3.7-3 [222 kB]
Get:2 http://ftp.debian.org/debian/ testing/main libapol4 amd64 3.3.7-3 [113 kB]
Get:3 http://ftp.debian.org/debian/ testing/main libdrm2 amd64 2.4.33-3 [444 kB]
Get:4 http://ftp.debian.org/debian/ testing/main libdrm-intel1 amd64 2.4.33-3 [478 kB]
Get:5 http://ftp.debian.org/debian/ testing/main libdrm-nouveau1a amd64 2.4.33-3 [433 kB]
Get:6 http://ftp.debian.org/debian/ testing/main libdrm-radeon1 amd64 2.4.33-3 [440 kB]
Get:7 http://ftp.debian.org/debian/ testing/main libglapi-mesa amd64 8.0.5-3 [46.6 kB]
Get:8 http://ftp.debian.org/debian/ testing/main libx11-xcb1 amd64 2:1.5.0-1 [139 kB]
Get:9 http://ftp.debian.org/debian/ testing/main libxcb-glx0 amd64 1.8.1-2 [32.1 kB]
Get:10 http://ftp.debian.org/debian/ testing/main libgl1-mesa-glx amd64 8.0.5-3 [134 kB]
Get:11 http://ftp.debian.org/debian/ testing/main libxcb-shape0 amd64 1.8.1-2 [11.0 kB]
Get:12 http://ftp.debian.org/debian/ testing/main libxss1 amd64 1:1.2.2-1 [17.5 kB]
Get:13 http://ftp.debian.org/debian/ testing/main libxtst6 amd64 2:1.2.1-1 [26.6 kB]
Get:14 http://ftp.debian.org/debian/ testing/main libxv1 amd64 2:1.0.7-1 [21.6 kB]
Get:15 http://ftp.debian.org/debian/ testing/main libxxf86dga1 amd64 2:1.1.3-2 [22.6 kB]
Get:16 http://ftp.debian.org/debian/ testing/main python-ipy all 1:0.75-1 [31.4 kB]
Get:17 http://ftp.debian.org/debian/ testing/main python-selinux amd64 2.1.9-5 [365 kB]
Get:18 http://ftp.debian.org/debian/ testing/main python-semanage amd64 2.1.6-6 [128 kB]
Get:19 http://ftp.debian.org/debian/ testing/main python-setools amd64 3.3.7-3 [511 kB]
Get:20 http://ftp.debian.org/debian/ testing/main python-sepolgen all 1.1.5-3 [77.0 kB]
Get:21 http://ftp.debian.org/debian/ testing/main libaudit0 amd64 1:1.7.18-1.1 [68.2 kB]
Get:22 http://ftp.debian.org/debian/ testing/main policycoreutils amd64 2.1.10-9 [614 kB]
Get:23 http://ftp.debian.org/debian/ testing/main tcl8.5 amd64 8.5.11-2 [1,627 kB]
Get:24 http://ftp.debian.org/debian/ testing/main tk8.5 amd64 8.5.11-2 [1,189 kB]
Get:25 http://ftp.debian.org/debian/ testing/main tcl all 8.5.0-2 [4,636 B]
Get:26 http://ftp.debian.org/debian/ testing/main tk all 8.5.0-2 [4,674 B]
Get:27 http://ftp.debian.org/debian/ testing/main bwidget all 1.9.5-1 [240 kB]
Get:28 http://ftp.debian.org/debian/ testing/main checkpolicy amd64 2.1.8-2 [287 kB]
Get:29 http://ftp.debian.org/debian/ testing/main libgl1-mesa-dri amd64 8.0.5-3 [21.8 MB]
Get:30 http://ftp.debian.org/debian/ testing/main libsetools-tcl amd64 3.3.7-3 [638 kB]
Get:31 http://ftp.debian.org/debian/ testing/main libutempter0 amd64 1.1.5-4 [8,020 B]
Get:32 http://ftp.debian.org/debian/ testing/main selinux-utils amd64 2.1.9-5 [87.3 kB]
Get:33 http://ftp.debian.org/debian/ testing/main selinux-basics all 0.5.0 [15.5 kB]
Get:34 http://ftp.debian.org/debian/ testing/main selinux-policy-default all 2:2.20110726-12 [4,302 kB]
Get:35 http://ftp.debian.org/debian/ testing/main setools amd64 3.3.7-3 [1,418 kB]
Get:36 http://ftp.debian.org/debian/ testing/main x11-utils amd64 7.7~1 [233 kB]
Get:37 http://ftp.debian.org/debian/ testing/main xbitmaps all 1.1.1-1 [31.8 kB]
Get:38 http://ftp.debian.org/debian/ testing/main xterm amd64 278-4 [613 kB]
Fetched 36.9 MB in 19s (1,855 kB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libqpol1:amd64.
(Reading database ... 55095 files and directories currently installed.)
Unpacking libqpol1:amd64 (from .../libqpol1_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libapol4:amd64.
Unpacking libapol4:amd64 (from .../libapol4_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libdrm2:amd64.
Unpacking libdrm2:amd64 (from .../libdrm2_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-intel1:amd64.
Unpacking libdrm-intel1:amd64 (from .../libdrm-intel1_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-nouveau1a:amd64.
Unpacking libdrm-nouveau1a:amd64 (from .../libdrm-nouveau1a_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-radeon1:amd64.
Unpacking libdrm-radeon1:amd64 (from .../libdrm-radeon1_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libglapi-mesa:amd64.
Unpacking libglapi-mesa:amd64 (from .../libglapi-mesa_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libx11-xcb1:amd64.
Unpacking libx11-xcb1:amd64 (from .../libx11-xcb1_2%3a1.5.0-1_amd64.deb) ...
Selecting previously unselected package libxcb-glx0:amd64.
Unpacking libxcb-glx0:amd64 (from .../libxcb-glx0_1.8.1-2_amd64.deb) ...
Selecting previously unselected package libgl1-mesa-glx:amd64.
Unpacking libgl1-mesa-glx:amd64 (from .../libgl1-mesa-glx_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libxcb-shape0:amd64.
Unpacking libxcb-shape0:amd64 (from .../libxcb-shape0_1.8.1-2_amd64.deb) ...
Selecting previously unselected package libxss1:amd64.
Unpacking libxss1:amd64 (from .../libxss1_1%3a1.2.2-1_amd64.deb) ...
Selecting previously unselected package libxtst6:amd64.
Unpacking libxtst6:amd64 (from .../libxtst6_2%3a1.2.1-1_amd64.deb) ...
Selecting previously unselected package libxv1:amd64.
Unpacking libxv1:amd64 (from .../libxv1_2%3a1.0.7-1_amd64.deb) ...
Selecting previously unselected package libxxf86dga1:amd64.
Unpacking libxxf86dga1:amd64 (from .../libxxf86dga1_2%3a1.1.3-2_amd64.deb) ...
Selecting previously unselected package python-ipy.
Unpacking python-ipy (from .../python-ipy_1%3a0.75-1_all.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.9-5_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.6-6_amd64.deb) ...
Selecting previously unselected package python-setools.
Unpacking python-setools (from .../python-setools_3.3.7-3_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.5-3_all.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1%3a1.7.18-1.1_amd64.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.10-9_amd64.deb) ...
Selecting previously unselected package tcl8.5.
Unpacking tcl8.5 (from .../tcl8.5_8.5.11-2_amd64.deb) ...
Selecting previously unselected package tk8.5.
Unpacking tk8.5 (from .../tk8.5_8.5.11-2_amd64.deb) ...
Selecting previously unselected package tcl.
Unpacking tcl (from .../archives/tcl_8.5.0-2_all.deb) ...
Selecting previously unselected package tk.
Unpacking tk (from .../archives/tk_8.5.0-2_all.deb) ...
Selecting previously unselected package bwidget.
Unpacking bwidget (from .../bwidget_1.9.5-1_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.8-2_amd64.deb) ...
Selecting previously unselected package libgl1-mesa-dri:amd64.
Unpacking libgl1-mesa-dri:amd64 (from .../libgl1-mesa-dri_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libsetools-tcl.
Unpacking libsetools-tcl (from .../libsetools-tcl_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libutempter0.
Unpacking libutempter0 (from .../libutempter0_1.1.5-4_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.9-5_amd64.deb) ...
Selecting previously unselected package selinux-basics.
Unpacking selinux-basics (from .../selinux-basics_0.5.0_all.deb) ...
Selecting previously unselected package selinux-policy-default.
Unpacking selinux-policy-default (from .../selinux-policy-default_2%3a2.20110726-12_all.deb) ...
Selecting previously unselected package setools.
Unpacking setools (from .../setools_3.3.7-3_amd64.deb) ...
Selecting previously unselected package x11-utils.
Unpacking x11-utils (from .../x11-utils_7.7~1_amd64.deb) ...
Selecting previously unselected package xbitmaps.
Unpacking xbitmaps (from .../xbitmaps_1.1.1-1_all.deb) ...
Selecting previously unselected package xterm.
Unpacking xterm (from .../archives/xterm_278-4_amd64.deb) ...
Processing triggers for man-db ...
Setting up libqpol1:amd64 (3.3.7-3) ...
Setting up libapol4:amd64 (3.3.7-3) ...
Setting up libdrm2:amd64 (2.4.33-3) ...
Setting up libdrm-intel1:amd64 (2.4.33-3) ...
Setting up libdrm-nouveau1a:amd64 (2.4.33-3) ...
Setting up libdrm-radeon1:amd64 (2.4.33-3) ...
Setting up libglapi-mesa:amd64 (8.0.5-3) ...
Setting up libx11-xcb1:amd64 (2:1.5.0-1) ...
Setting up libxcb-glx0:amd64 (1.8.1-2) ...
Setting up libgl1-mesa-glx:amd64 (8.0.5-3) ...
Setting up libxcb-shape0:amd64 (1.8.1-2) ...
Setting up libxss1:amd64 (1:1.2.2-1) ...
Setting up libxtst6:amd64 (2:1.2.1-1) ...
Setting up libxv1:amd64 (2:1.0.7-1) ...
Setting up libxxf86dga1:amd64 (2:1.1.3-2) ...
Setting up python-ipy (1:0.75-1) ...
Setting up python-selinux (2.1.9-5) ...
Setting up python-semanage (2.1.6-6) ...
Setting up python-setools (3.3.7-3) ...
Setting up python-sepolgen (1.1.5-3) ...
Setting up libaudit0 (1:1.7.18-1.1) ...
Setting up policycoreutils (2.1.10-9) ...
Setting up tcl8.5 (8.5.11-2) ...
update-alternatives: using /usr/bin/tclsh8.5 to provide /usr/bin/tclsh (tclsh) in auto mode
Setting up tk8.5 (8.5.11-2) ...
update-alternatives: using /usr/bin/wish8.5 to provide /usr/bin/wish (wish) in auto mode
Setting up tcl (8.5.0-2) ...
update-alternatives: using /usr/bin/tclsh-default to provide /usr/bin/tclsh (tclsh) in auto mode
Setting up tk (8.5.0-2) ...
update-alternatives: using /usr/bin/wish-default to provide /usr/bin/wish (wish) in auto mode
Setting up bwidget (1.9.5-1) ...
Setting up checkpolicy (2.1.8-2) ...
Setting up libgl1-mesa-dri:amd64 (8.0.5-3) ...
Setting up libsetools-tcl (3.3.7-3) ...
Setting up libutempter0 (1.1.5-4) ...
Creating utempter group...
Setting up selinux-utils (2.1.9-5) ...
Setting up selinux-basics (0.5.0) ...
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.2.0-4-amd64
Found initrd image: /boot/initrd.img-3.2.0-4-amd64
Found linux image: /boot/vmlinuz-2.6.32-5-amd64
Found initrd image: /boot/initrd.img-2.6.32-5-amd64
done
Setting up selinux-policy-default (2:2.20110726-12) ...
Notice: Trying to link (but not load) a default policy.
This process may fail -- you should check the results, and
you need to switch to this policy yourself anyway.
Locating modules
Ordering modules based on dependencies
Selecting modules based on installed packages
Loaded modules apache dbus netutils ssh devicekit lpd cups remotelogin telnet xserver xscreensaver exim apm avahi cpufreqselector pythonsupport rpc dmidecode mysql policykit portmap vbetool tcpd ftp screen dhcp consolekit lvm lda tzdata rpcbind bluetooth gpg ptchown usbmodules java pcmcia
Setting up setools (3.3.7-3) ...
Setting up x11-utils (7.7~1) ...
Setting up xbitmaps (1.1.1-1) ...
Setting up xterm (278-4) ...
update-alternatives: using /usr/bin/xterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/uxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/lxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
==========
selinux-activate
reboot
Be prepared for all kinds of hands off time while the machine does stuff and reboots itself.
How did things shake out?
check-selinux-installation
=====Script Output=====
/etc/pam.d/login is not SELinux enabled
FSCKFIX is not enabled - not serious, but could prevent system from booting...
==========
set FIXFSCK in /etc/default/rcS
vi /etc/default/rcS
-----/etc/default/rcS-----
#
# /etc/default/rcS
#
# Default settings for the scripts in /etc/rcS.d/
#
# For information about these variables see the rcS(5) manual page.
#
# This file belongs to the "initscripts" package.
# delete files in /tmp during boot older than x days.
# '0' means always, -1 or 'infinite' disables the feature
#TMPTIME=0
# spawn sulogin during boot, continue normal boot if not used in 30 seconds
#SULOGIN=no
# do not allow users to log in until the boot has completed
#DELAYLOGIN=no
# be more verbose during the boot process
#VERBOSE=no
# automatically repair filesystems with inconsistencies during boot
FSCKFIX=yes
---------
reboot
check-selinux-installation
=====Script Output=====
/etc/pam.d/login is not SELinux enabled
==========
!!!!!NOTE!!!!!
the /etc/pam.d/login error is due to an error in the check-selinux-installation script!!!!!
!!!!!!!!!!
!!!!!NOTE!!!!!
At this point, the base configuration is complete
!!!!!!!!!!
add a user
adduser username
Password
Password
Fullname
Room Number
Work Phone
Home Phone
Other
Is the information correct
give user restricted shell access
usermod -s /usr/bin/rssh username
!!!!!NOTES!!!!!
the six boolean digit string is for these permissions in order
rsync
rdist
cvs
sftp
scp
svnserve
user="username:770:000100:/home/username"
!!!!!!!!!!
restrict access to resources via the apache httpd php module in the /etc/php5/fpm/pool.d/username.conf
cp /etc/php5/fpm/pool.d/default.conf /etc/php5/fpm/pool.d/username.conf
vi /etc/php5/fpm/pool.d/username.conf
-----/etc/php5/fpm/pool.d/username.conf-----
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[username]
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = username
group = username
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /home/username/.sockets/username.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = username
;listen.group = username
;listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
;pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
----------
set up directory structure
mkdir /home/username/hostname.tld/ /home/username/hostname.tld/http /home/username/hostname.tld/https /home/username/hostname.tld/logs /home/username/hostname.tld/certs /home/username/hostname.tld/tmp /home/username/hostname.tld/.sockets /home/username/hostname.tld/fonts
cp -R /usr/share/fonts/* /home/username/hostname.tld/fonts
change the ownership and access permissions
chown -R username:username /home/username/
chmod -R 770 /home/username/username/
find /home -type d -exec chmod 771 {} \;
chmod -R ug+s /home/username/
create sites available for the new websites
vi /etc/apache2/sites-available/hostname.tld
-----/etc/apache2/sites-available/hostname.tld-----
<VirtualHost *:80>
DocumentRoot /home/username/hostname.tld/http
ServerName hostname.tld
<Directory /home/username/hostname.tld/http/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/username-imaginary-file -socket /home/username/.sockets/username.sock -user username -group username -pass-header Authorization
Alias /fcgi-bin /tmp/username-imaginary-file
LogLevel warn
ErrorLog /home/username/hostname.tld/logs/error.log
CustomLog /home/username/hostname.tld/logs/access.log combined
</VirtualHost>
-----
likewise modify your hostname.tld-ssl virtual host configuration
vi /etc/apache2/sites-available/hostname.tld-ssl
-----/etc/apache2/sites-available/hostname.tld-ssl-----
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /home/username/hostname.tld/https
ServerName hostname.tld
<Directory /home/username/hostname.tld/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/username-ssl-imaginary-file -socket /home/username/.sockets/username.sock -user username -group username
Alias /fcgi-bin /tmp/username-ssl-imaginary-file
LogLevel warn
ErrorLog /home/username/hostname.tld/logs/error-ssl.log
CustomLog /home/username/hostname.tld/logs/access-ssl.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /home/username/hostname.tld/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /home/username/hostname.tld/certs/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /home/username/hostname.tld/certs/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /home/username/hostname.tld/certs/
#SSLCACertificateFile /home/username/hostname.tld/certs/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /home/username/hostname.tld/certs/
#SSLCARevocationFile /home/username/hostname.tld/certs/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.php$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
----------
enable the website
create self-signed certificate
openssl req -new -x509 -extensions v3_ca -keyout /home/username/hostname.tld/certs/ssl-cert-snakeoil.key -out /home/username/hostname.tld/certs/ssl-cert-snakeoil.pem -days 3650 -config /etc/ssl/openssl.cnf
remove the passphrase
mv /home/username/hostname.tld/certs/ssl-cert-snakeoil.key /home/username/hostname.tld/certs/ssl-cert-snakeoil.key~
openssl rsa -in /home/username/hostname.tld/certs/ssl-cert-snakeoil.key~ -out /home/username/hostname.tld/certs/ssl-cert-snakeoil.key
a2ensite hostname.tld-ssl
mysql -uadmin -p
CREATE DATABASE username;
Give your user access via both of the most common ways to log in to the database for a logged in user
GRANT ALL PRIVILEGES ON username.* TO 'username'@'localhost' IDENTIFIED BY 'pwork';
GRANT ALL PRIVILEGES ON username.* TO 'username'@'127.0.0.1' IDENTIFIED BY 'pwork';
Assuming your host has a fixed IP, you may also give access for that
GRANT ALL PRIVILEGES ON username.* TO 'username'@'YOU.R H.OST.IP' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT
Turn off 'bad' php commands like exec for some if not all users.
vi /var/www/http/index.php
-----/var/www/http/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://default-site</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "admin";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="http://debian-wheezy.launchhouse.lan/page.php">
</iframe>
</div>
<a href="https://debian-wheezy.launchhouse.lan/">Default HTTPS VirtualHost</a>
</body>
</html>
----------
vi /var/www/http/page.php
-----/var/www/http/page.php-----
<?php
include './phpinfo.php';
?>
----------
vi /var/www/http/phpinfo.php
-----/var/www/http/phpinfo.php-----
<?php
phpinfo();
?>
----------
vi /var/www/http/image.php
-----/var/www/http/image.php-----
<?php
/* Set width and height in proportion of genuine PHP logo */
$width = 400;
$height = 210;
/* Create an Imagick object with transparent canvas */
$img = new Imagick();
$img->newImage($width, $height, new ImagickPixel('transparent'));
/* New ImagickDraw instance for ellipse draw */
$draw = new ImagickDraw();
/* Set purple fill color for ellipse */
$draw->setFillColor('#777bb4');
/* Set ellipse dimensions */
$draw->ellipse($width / 2, $height / 2, $width / 2, $height / 2, 0, 360);
/* Draw ellipse onto the canvas */
$img->drawImage($draw);
/* Reset fill color from purple to black for text (note: we are reusing ImagickDraw object) */
$draw->setFillColor('black');
/* Set stroke border to white color */
$draw->setStrokeColor('white');
/* Set stroke border thickness */
$draw->setStrokeWidth(2);
/* Set font kerning (negative value means that letters are closer to each other) */
$draw->setTextKerning(-8);
/* Set font and font size used in PHP logo */
$draw->setFont('../fonts/truetype/msttcorefonts/arial.ttf');
$draw->setFontSize(150);
/* Center text horizontally and vertically */
$draw->setGravity(Imagick::GRAVITY_CENTER);
/* Add center "php" with Y offset of -10 to canvas (inside ellipse) */
$img->annotateImage($draw, 0, -10, 0, 'php');
$img->setImageFormat('png');
/* Set appropriate header for PNG and output the image */
header('Content-Type: image/png');
echo $img;
?>
----------
cp /var/www/http/phpinfo.php /var/www/https/phpinfo.php
cp /var/www/http/page.php /var/www/https/page.php
cp /var/www/http/image.php /var/www/https/image.php
vi /var/www/https/index.php
------/var/www/https/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://default-ssl-site</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "admin";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="https:debian-wheezy.launchhouse.lan/page.php">
</iframe>
</div>
<a href="http://hostname.tld/">hostname.tld HTTP VirtualHost</a>
</body>
</html>
----------
cp /var/www/http/phpinfo.php /home/username/hostname.tld/http/phpinfo.php
cp /var/www/http/page.php /home/username/hostname.tld/http/page.php
cp /var/www/http/image.php /home/username/hostname.tld/http/image.php
vi /home/username/hostname.tld/http/index.php
-----/home/username/hostname.tld/http/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://hostname.tld</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "username";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="http://hostname.tld/page.php">
</iframe>
</div>
<a href="https://hostname.tld/">hostname.tld HTTPS VirtualHost</a>
</body>
</html>
----------
cp /var/www/http/phpinfo.php /home/username/hostname.tld/https/phpinfo.php
cp /var/www/http/page.php /home/username/hostname.tld/https/page.php
cp /var/www/http/image.php /home/username/hostname.tld/https/image.php
vi /home/username/hostname.tld/https/index.php
-----/home/username/hostname.tld/https/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>https://hostname.tld-ssl</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "username";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="https://hostname.tld/page.php">
</iframe>
</div>
<a href="http://hostname.tld/fail.php/">This page should fail per php-fpm username user scope, outside of username.conf pool permissions.</a>
</body>
</html>
----------
vi /home/username/hostname.tld/https/fail.php
-----/home/username/hostname.tld/https/fail.php-----
<?php
include '/var/www/phpinfo.php';
?>
----------
Let's do a quick reset of owners and permissions
chown -R www-data:www-data /var/www/
chmod -R 770 /var/www
find /var/www -type d -exec chmod 771 {} \;
chmod -R ug+s /var/www
chown -R username:username /home/username/
chmod -R 770 /home/username/
find /home -type d -exec chmod 771 {} \;
chmod -R ug+s /home/username/
THIS IS A LOOP POINT
Run through the websites.
tail /var/log/audit/audit.log
bypass loop if no more errors
cp /var/log/audit/audit.log /etc/selinux/audit##.log
Delete /var/log/audit/audit.log entries.
cat /var/log/audit/audit.log | audit2allow -m local > /etc/selinux/audit2allow/local##.te
checkmodule -M -m -o /etc/selinux/audit2allow/local##.mod /etc/selinux/audit2allow/local##.te
=====Script Output=====
checkmodule: loading policy configuration from local##.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 14) to local##.mod
==========
semodule_package -o /etc/selinux/audit2allow/local##.pp -m /etc/selinux/audit2allow/local##.mod
semodule -i /etc/selinux/audit2allow/local##.pp
Reboot
LOOP
Look at the SELinux mess you made.
Evaluate if the automatic rules are too broad or not.
Google until your eyes bleed to fix them.
Change selinux from permissive to enforcing.
If needed, you may need to go from enforcing back to permissive while you come up with a plan.
!!!!!NOTES!!!!!
If it isn't in the reach of the user via the pool restrictions placed on the httpd process-- a php-fpm host can't access it. --for an example see the accessible 'fonts' directories along side the webroot directories and the non-accessible resources they are symlinked to (soft linked, whatever).
Turn off 'bad' php commands like exec for some if not all users.
The techniques used in the audit2allow cycles compromise the effectiveness of the system.
Use those SELinux tools as a foundation and modify the automatically generated policies that may clear a broad swath for a more fine grained rule.
Consider turning off the apache apc cache. Could get super annoying during dev work.
Raw
Updated Notes with Non-Working SELinux
Good news! SELinux is improved with some updates to the testing branch as it is. --Improved so much that it properly does not run on linode. Well, it never did run properly. But, previously there were no indications anything was amiss.
The kernels that linodes boot from by default are outside of the linode and not able to have the necessary kernel options set.
This is not game over, it is merely just a delay. Instructions to bypass this issue are here: http://library.linode.com/custom-instances
The full updated notes are here for those that are interested.
My updated notes follow:
Many thanks to the patient souls in #debian, #php-fpm, and #httpd on Freenode
Many commands and much info stolen from these locations:
http://www.rackaid.com/resources/linux-screen-tutorial-and-how-to/
http://www.debian.org/releases/testing/amd64/release-notes/ch-upgrading.en.html#newkernel
https://sites.google.com/site/mydebiansourceslist/
http://linux.justinhartman.com/Setting_up_a_LAMP_Server
http://www.debian-administration.org/articles/349
http://www.lavluda.com/2008/02/02/install-imagemagick-support-to-your-debianubuntu-server/
http://php.net/manual/en/imagick.setup.php
http://www.lavluda.com/2007/07/15/how-to-enable-mod_rewrite-in-apache22-debian/
http://www.debian-administration.org/articles/284
http://openvpn.net/archive/openvpn-users/2004-05/msg00355.html
http://wiki.apache.org/httpd/RemoveSSLCertPassPhrase
http://httpd.apache.org/docs/2.2/vhosts/examples.html
http://www.youtube.com/watch?v=dtclmj3H7ZU
http://www.youtube.com/watch?v=FLPx7HLLteI
http://wiki.debian.org/SELinux/Setup#Steps_to_setup_SELinux
http://debian-handbook.info/browse/wheezy/sect.selinux.html
http://dev.mysql.com/doc/refman/5.0/en/mysql-secure-installation.html
http://www.mysqlperformanceblog.com/2009/01/28/the-perils-of-innodb-with-debian-and-startup-scripts/
http://wiki.phpmyadmin.net/pma/Quick_Install#Manually
http://wiki.phpmyadmin.net/pma/Configuration_storage
http://pastebin.com/index/HyE87bcF#php-fpm with chroot haroldp
https://gist.github.com/3849349#php-fpm diemuzi
https://github.com/SimonSimCity/webserver-configuration/commit/3828c49d4f3d0957a3149be492c219ed00201ede
http://undefinederror.org/tutorials/apache2-mpm-worker-fastcgi-php5-fpm-on-debian/ #This one is great.
http://www.if-not-true-then-false.com/2011/nginx-and-php-fpm-configuration-and-optimizing-tips-and-tricks/ #how many pm.max_children for the fpm pools
http://www.brandonsavage.net/to-stat-or-not-to-stat/ #mod_apc caching
Base debian 6 32-bit linode.com Virtual Private Server install
(On linode build images, the ssh package is preinstalled for you.
apt-get install ssh
on the server for everyone else without it.
ifconfig
to get your IP address.
You may only have access via the local network at that address. Google "NAT")
login via ssh as root
ssh root@012.345.678.910
once screen is up update and upgrade the system
apt-get update
=====Output=====
Get:1 http://ftp.us.debian.org squeeze Release.gpg [1,672 B]
Get:2 http://security.debian.org squeeze/updates Release.gpg [836 B]
Ign http://ftp.us.debian.org/debian/ squeeze/main Translation-en
Ign http://ftp.us.debian.org/debian/ squeeze/main Translation-en_US
Ign http://security.debian.org/ squeeze/updates/main Translation-en
Ign http://security.debian.org/ squeeze/updates/main Translation-en_US
Get:3 http://ftp.us.debian.org squeeze-updates Release.gpg [836 B]
Ign http://ftp.us.debian.org/debian/ squeeze-updates/main Translation-en
Ign http://ftp.us.debian.org/debian/ squeeze-updates/main Translation-en_US
Get:4 http://security.debian.org squeeze/updates Release [87.0 kB]
Get:5 http://ftp.us.debian.org squeeze Release [99.8 kB]
Get:6 http://ftp.us.debian.org squeeze-updates Release [113 kB]
Get:7 http://security.debian.org squeeze/updates/main Sources [119 kB]
Get:8 http://ftp.us.debian.org squeeze/main Sources [5,768 kB]
Get:9 http://security.debian.org squeeze/updates/main i386 Packages [363 kB]
Get:10 http://ftp.us.debian.org squeeze/main i386 Packages [8,635 kB]
Get:11 http://ftp.us.debian.org squeeze-updates/main Sources/DiffIndex [2,989 B]
Get:12 http://ftp.us.debian.org squeeze-updates/main i386 Packages/DiffIndex [2,989 B]
Get:13 http://ftp.us.debian.org squeeze-updates/main Sources [1,974 B]
Get:14 http://ftp.us.debian.org squeeze-updates/main i386 Packages [4,431 B]
Fetched 15.2 MB in 3s (4,562 kB/s)
Reading package lists... Done
==========
apt-get upgrade
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
at base-files bind9-host curl debian-archive-keyring dnsutils dpkg file gnupg gpgv host initscripts
isc-dhcp-client isc-dhcp-common libbind9-60 libbz2-1.0 libc-bin libc6 libc6-i686 libcurl3 libdns69
libexpat1 libgc1c2 libgnutls26 libgssapi-krb5-2 libgssrpc4 libisc62 libisccc60 libisccfg62 libk5crypto3
libkadm5clnt-mit7 libkadm5srv-mit7 libkdb5-4 libkrb5-3 libkrb5support0 liblwres60 libmagic1 libssl0.9.8
libtasn1-3 libxml2 locales module-init-tools nfs-common openssh-client openssh-server openssl perl
perl-base perl-modules procps python python-minimal sysv-rc sysvinit sysvinit-utils tzdata
56 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 35.9 MB of archives.
After this operation, 94.2 kB disk space will be freed.
Do you want to continue [Y/n]? Y
Get:1 http://security.debian.org/ squeeze/updates/main perl-modules all 5.10.1-17squeeze4 [3,491 kB]
Get:2 http://ftp.us.debian.org/debian/ squeeze/main base-files i386 6.0squeeze6 [67.5 kB]
Get:3 http://ftp.us.debian.org/debian/ squeeze/main dpkg i386 1.15.8.13 [2,339 kB]
Get:4 http://security.debian.org/ squeeze/updates/main perl i386 5.10.1-17squeeze4 [3,780 kB]
Get:5 http://ftp.us.debian.org/debian/ squeeze/main libc-bin i386 2.11.3-4 [709 kB]
Get:6 http://ftp.us.debian.org/debian/ squeeze/main libc6 i386 2.11.3-4 [3,884 kB]
Get:7 http://security.debian.org/ squeeze/updates/main perl-base i386 5.10.1-17squeeze4 [981 kB]
Get:8 http://security.debian.org/ squeeze/updates/main gpgv i386 1.4.10-4+squeeze1 [202 kB]
Get:9 http://ftp.us.debian.org/debian/ squeeze/main libc6-i686 i386 2.11.3-4 [1,206 kB]
Get:10 http://security.debian.org/ squeeze/updates/main gnupg i386 1.4.10-4+squeeze1 [2,091 kB]
Get:11 http://ftp.us.debian.org/debian/ squeeze/main libbz2-1.0 i386 1.0.5-6+squeeze1 [45.3 kB]
Get:12 http://ftp.us.debian.org/debian/ squeeze/main sysvinit i386 2.88dsf-13.1+squeeze1 [115 kB]
Get:13 http://ftp.us.debian.org/debian/ squeeze/main sysvinit-utils i386 2.88dsf-13.1+squeeze1 [117 kB]
Get:14 http://ftp.us.debian.org/debian/ squeeze/main debian-archive-keyring all 2010.08.28+squeeze1 [26.2 kB]
Get:15 http://ftp.us.debian.org/debian/ squeeze/main sysv-rc all 2.88dsf-13.1+squeeze1 [73.9 kB]
Get:16 http://ftp.us.debian.org/debian/ squeeze/main initscripts i386 2.88dsf-13.1+squeeze1 [71.1 kB]
Get:17 http://ftp.us.debian.org/debian/ squeeze-updates/main tzdata all 2012g-0squeeze1 [642 kB]
Get:18 http://ftp.us.debian.org/debian/ squeeze/main libssl0.9.8 i386 0.9.8o-4squeeze13 [3,072 kB]
Get:19 http://security.debian.org/ squeeze/updates/main isc-dhcp-client i386 4.1.1-P1-15+squeeze8 [255 kB]
Get:20 http://ftp.us.debian.org/debian/ squeeze/main module-init-tools i386 3.12-2+b1 [104 kB]
Get:21 http://ftp.us.debian.org/debian/ squeeze/main procps i386 1:3.2.8-9squeeze1 [232 kB]
Get:22 http://security.debian.org/ squeeze/updates/main isc-dhcp-common i386 4.1.1-P1-15+squeeze8 [316 kB]
Get:23 http://ftp.us.debian.org/debian/ squeeze/main at i386 3.1.12-1+squeeze1 [47.4 kB]
Get:24 http://ftp.us.debian.org/debian/ squeeze/main libk5crypto3 i386 1.8.3+dfsg-4squeeze6 [98.6 kB]
Get:25 http://ftp.us.debian.org/debian/ squeeze/main libgssapi-krb5-2 i386 1.8.3+dfsg-4squeeze6 [123 kB]
Get:26 http://ftp.us.debian.org/debian/ squeeze/main libkrb5-3 i386 1.8.3+dfsg-4squeeze6 [357 kB]
Get:27 http://ftp.us.debian.org/debian/ squeeze/main libkrb5support0 i386 1.8.3+dfsg-4squeeze6 [44.4 kB]
Get:28 http://ftp.us.debian.org/debian/ squeeze/main file i386 5.04-5+squeeze2 [49.5 kB]
Get:29 http://ftp.us.debian.org/debian/ squeeze/main libmagic1 i386 5.04-5+squeeze2 [235 kB]
Get:30 http://security.debian.org/ squeeze/updates/main libxml2 i386 2.7.8.dfsg-2+squeeze6 [829 kB]
Get:31 http://ftp.us.debian.org/debian/ squeeze/main libgc1c2 i386 1:6.8-2 [124 kB]
Get:32 http://ftp.us.debian.org/debian/ squeeze/main libtasn1-3 i386 2.7-1+squeeze+1 [61.6 kB]
Get:33 http://ftp.us.debian.org/debian/ squeeze/main libgnutls26 i386 2.8.6-1+squeeze2 [526 kB]
Get:34 http://ftp.us.debian.org/debian/ squeeze/main libgssrpc4 i386 1.8.3+dfsg-4squeeze6 [77.8 kB]
Get:35 http://ftp.us.debian.org/debian/ squeeze/main libkadm5clnt-mit7 i386 1.8.3+dfsg-4squeeze6 [61.5 kB]
Get:36 http://security.debian.org/ squeeze/updates/main bind9-host i386 1:9.7.3.dfsg-1~squeeze8 [67.5 kB]
Get:37 http://ftp.us.debian.org/debian/ squeeze/main libkdb5-4 i386 1.8.3+dfsg-4squeeze6 [61.5 kB]
Get:38 http://security.debian.org/ squeeze/updates/main dnsutils i386 1:9.7.3.dfsg-1~squeeze8 [155 kB]
Get:39 http://ftp.us.debian.org/debian/ squeeze/main libkadm5srv-mit7 i386 1.8.3+dfsg-4squeeze6 [74.9 kB]
Get:40 http://ftp.us.debian.org/debian/ squeeze/main locales all 2.11.3-4 [4,761 kB]
Get:41 http://security.debian.org/ squeeze/updates/main libisc62 i386 1:9.7.3.dfsg-1~squeeze8 [162 kB]
Get:42 http://security.debian.org/ squeeze/updates/main libdns69 i386 1:9.7.3.dfsg-1~squeeze8 [670 kB]
Get:43 http://security.debian.org/ squeeze/updates/main libisccc60 i386 1:9.7.3.dfsg-1~squeeze8 [31.9 kB]
Get:44 http://security.debian.org/ squeeze/updates/main libisccfg62 i386 1:9.7.3.dfsg-1~squeeze8 [51.3 kB]
Get:45 http://security.debian.org/ squeeze/updates/main liblwres60 i386 1:9.7.3.dfsg-1~squeeze8 [50.9 kB]
Get:46 http://security.debian.org/ squeeze/updates/main host all 1:9.7.3.dfsg-1~squeeze8 [18.2 kB]
Get:47 http://security.debian.org/ squeeze/updates/main libbind9-60 i386 1:9.7.3.dfsg-1~squeeze8 [38.9 kB]
Get:48 http://ftp.us.debian.org/debian/ squeeze/main nfs-common i386 1:1.2.2-4squeeze2 [228 kB]
Get:49 http://ftp.us.debian.org/debian/ squeeze/main openssh-server i386 1:5.5p1-6+squeeze2 [298 kB]
Get:50 http://ftp.us.debian.org/debian/ squeeze/main openssh-client i386 1:5.5p1-6+squeeze2 [882 kB]
Get:51 http://ftp.us.debian.org/debian/ squeeze/main python all 2.6.6-3+squeeze7 [169 kB]
Get:52 http://ftp.us.debian.org/debian/ squeeze/main python-minimal all 2.6.6-3+squeeze7 [33.8 kB]
Get:53 http://ftp.us.debian.org/debian/ squeeze/main libcurl3 i386 7.21.0-2.1+squeeze2 [281 kB]
Get:54 http://ftp.us.debian.org/debian/ squeeze/main curl i386 7.21.0-2.1+squeeze2 [227 kB]
Get:55 http://ftp.us.debian.org/debian/ squeeze/main libexpat1 i386 2.0.1-7+squeeze1 [139 kB]
Get:56 http://ftp.us.debian.org/debian/ squeeze/main openssl i386 0.9.8o-4squeeze13 [1,054 kB]
Fetched 35.9 MB in 1s (20.7 MB/s)
Reading changelogs... Done
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace base-files 6.0squeeze3 (using .../base-files_6.0squeeze6_i386.deb) ...
Unpacking replacement base-files ...
Processing triggers for install-info ...
Processing triggers for man-db ...
Setting up base-files (6.0squeeze6) ...
Installing new version of config file /etc/debian_version ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace dpkg 1.15.8.11 (using .../dpkg_1.15.8.13_i386.deb) ...
Unpacking replacement dpkg ...
Processing triggers for man-db ...
Setting up dpkg (1.15.8.13) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace perl-modules 5.10.1-17squeeze2 (using .../perl-modules_5.10.1-17squeeze4_all.deb) ...
Unpacking replacement perl-modules ...
Preparing to replace libc-bin 2.11.2-10 (using .../libc-bin_2.11.3-4_i386.deb) ...
Unpacking replacement libc-bin ...
Processing triggers for man-db ...
Setting up libc-bin (2.11.3-4) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace libc6 2.11.2-10 (using .../libc6_2.11.3-4_i386.deb) ...
Unpacking replacement libc6 ...
Setting up libc6 (2.11.3-4) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace libc6-i686 2.11.2-10 (using .../libc6-i686_2.11.3-4_i386.deb) ...
Unpacking replacement libc6-i686 ...
Preparing to replace libbz2-1.0 1.0.5-6 (using .../libbz2-1.0_1.0.5-6+squeeze1_i386.deb) ...
Unpacking replacement libbz2-1.0 ...
Setting up libbz2-1.0 (1.0.5-6+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace perl 5.10.1-17squeeze2 (using .../perl_5.10.1-17squeeze4_i386.deb) ...
Unpacking replacement perl ...
Preparing to replace perl-base 5.10.1-17squeeze2 (using .../perl-base_5.10.1-17squeeze4_i386.deb) ...
Unpacking replacement perl-base ...
Processing triggers for man-db ...
Setting up perl-base (5.10.1-17squeeze4) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace sysvinit 2.88dsf-13.1 (using .../sysvinit_2.88dsf-13.1+squeeze1_i386.deb) ...
Unpacking replacement sysvinit ...
Processing triggers for man-db ...
Setting up sysvinit (2.88dsf-13.1+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace sysvinit-utils 2.88dsf-13.1 (using .../sysvinit-utils_2.88dsf-13.1+squeeze1_i386.deb) ...
Unpacking replacement sysvinit-utils ...
Processing triggers for man-db ...
Setting up sysvinit-utils (2.88dsf-13.1+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace gpgv 1.4.10-4 (using .../gpgv_1.4.10-4+squeeze1_i386.deb) ...
Unpacking replacement gpgv ...
Processing triggers for man-db ...
Setting up gpgv (1.4.10-4+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace gnupg 1.4.10-4 (using .../gnupg_1.4.10-4+squeeze1_i386.deb) ...
Unpacking replacement gnupg ...
Processing triggers for install-info ...
Processing triggers for man-db ...
Setting up gnupg (1.4.10-4+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace debian-archive-keyring 2010.08.28 (using .../debian-archive-keyring_2010.08.28+squeeze1_all.deb) ...
Unpacking replacement debian-archive-keyring ...
Setting up debian-archive-keyring (2010.08.28+squeeze1) ...
gpg: key F42584E6: "Lenny Stable Release Key <debian-release@lists.debian.org>" not changed
gpg: key 55BE302B: "Debian Archive Automatic Signing Key (5.0/lenny) <ftpmaster@debian.org>" not changed
gpg: key 6D849617: "Debian-Volatile Archive Automatic Signing Key (5.0/lenny)" not changed
gpg: key B98321F9: "Squeeze Stable Release Key <debian-release@lists.debian.org>" not changed
gpg: key 473041FA: "Debian Archive Automatic Signing Key (6.0/squeeze) <ftpmaster@debian.org>" not changed
gpg: key 46925553: public key "Debian Archive Automatic Signing Key (7.0/wheezy) <ftpmaster@debian.org>" imported
gpg: key 65FFB764: public key "Wheezy Stable Release Key <debian-release@lists.debian.org>" imported
gpg: Total number processed: 7
gpg: imported: 2 (RSA: 2)
gpg: unchanged: 5
gpg: no ultimately trusted keys found
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace sysv-rc 2.88dsf-13.1 (using .../sysv-rc_2.88dsf-13.1+squeeze1_all.deb) ...
Unpacking replacement sysv-rc ...
Processing triggers for man-db ...
Setting up sysv-rc (2.88dsf-13.1+squeeze1) ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace initscripts 2.88dsf-13.1 (using .../initscripts_2.88dsf-13.1+squeeze1_i386.deb) ...
Unpacking replacement initscripts ...
Processing triggers for man-db ...
Setting up initscripts (2.88dsf-13.1+squeeze1) ...
Installing new version of config file /etc/network/if-up.d/mountnfs ...
(Reading database ... 19875 files and directories currently installed.)
Preparing to replace tzdata 2011n-0squeeze1 (using .../tzdata_2012g-0squeeze1_all.deb) ...
Unpacking replacement tzdata ...
Setting up tzdata (2012g-0squeeze1) ...
Current default time zone: 'America/New_York'
Local time is now: Fri Feb 1 00:58:09 EST 2013.
Universal Time is now: Fri Feb 1 05:58:09 UTC 2013.
Run 'dpkg-reconfigure tzdata' if you wish to change it.
(Reading database ... 19878 files and directories currently installed.)
Preparing to replace isc-dhcp-client 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-client_4.1.1-P1-15+squeeze8_i386.deb) ...
Unpacking replacement isc-dhcp-client ...
Preparing to replace isc-dhcp-common 4.1.1-P1-15+squeeze3 (using .../isc-dhcp-common_4.1.1-P1-15+squeeze8_i386.deb) ...
Unpacking replacement isc-dhcp-common ...
Preparing to replace libssl0.9.8 0.9.8o-4squeeze5 (using .../libssl0.9.8_0.9.8o-4squeeze13_i386.deb) ...
Unpacking replacement libssl0.9.8 ...
Preparing to replace module-init-tools 3.12-1 (using .../module-init-tools_3.12-2+b1_i386.deb) ...
Unpacking replacement module-init-tools ...
Preparing to replace procps 1:3.2.8-9 (using .../procps_1%3a3.2.8-9squeeze1_i386.deb) ...
Unpacking replacement procps ...
Preparing to replace at 3.1.12-1 (using .../at_3.1.12-1+squeeze1_i386.deb) ...
Stopping deferred execution scheduler: atd.
Unpacking replacement at ...
Preparing to replace libk5crypto3 1.8.3+dfsg-4squeeze5 (using .../libk5crypto3_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libk5crypto3 ...
Preparing to replace libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 (using .../libgssapi-krb5-2_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libgssapi-krb5-2 ...
Preparing to replace libkrb5-3 1.8.3+dfsg-4squeeze5 (using .../libkrb5-3_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libkrb5-3 ...
Preparing to replace libkrb5support0 1.8.3+dfsg-4squeeze5 (using .../libkrb5support0_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libkrb5support0 ...
Preparing to replace libxml2 2.7.8.dfsg-2+squeeze1 (using .../libxml2_2.7.8.dfsg-2+squeeze6_i386.deb) ...
Unpacking replacement libxml2 ...
Preparing to replace bind9-host 1:9.7.3.dfsg-1~squeeze4 (using .../bind9-host_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement bind9-host ...
Preparing to replace dnsutils 1:9.7.3.dfsg-1~squeeze4 (using .../dnsutils_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement dnsutils ...
Preparing to replace libisc62 1:9.7.3.dfsg-1~squeeze4 (using .../libisc62_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement libisc62 ...
Preparing to replace libdns69 1:9.7.3.dfsg-1~squeeze4 (using .../libdns69_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement libdns69 ...
Preparing to replace libisccc60 1:9.7.3.dfsg-1~squeeze4 (using .../libisccc60_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement libisccc60 ...
Preparing to replace libisccfg62 1:9.7.3.dfsg-1~squeeze4 (using .../libisccfg62_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement libisccfg62 ...
Preparing to replace liblwres60 1:9.7.3.dfsg-1~squeeze4 (using .../liblwres60_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement liblwres60 ...
Preparing to replace host 1:9.7.3.dfsg-1~squeeze4 (using .../host_1%3a9.7.3.dfsg-1~squeeze8_all.deb) ...
Unpacking replacement host ...
Preparing to replace libbind9-60 1:9.7.3.dfsg-1~squeeze4 (using .../libbind9-60_1%3a9.7.3.dfsg-1~squeeze8_i386.deb) ...
Unpacking replacement libbind9-60 ...
Preparing to replace file 5.04-5 (using .../file_5.04-5+squeeze2_i386.deb) ...
Unpacking replacement file ...
Preparing to replace libmagic1 5.04-5 (using .../libmagic1_5.04-5+squeeze2_i386.deb) ...
Unpacking replacement libmagic1 ...
Preparing to replace libgc1c2 1:6.8-1.2 (using .../libgc1c2_1%3a6.8-2_i386.deb) ...
Unpacking replacement libgc1c2 ...
Preparing to replace libtasn1-3 2.7-1 (using .../libtasn1-3_2.7-1+squeeze+1_i386.deb) ...
Unpacking replacement libtasn1-3 ...
Preparing to replace libgnutls26 2.8.6-1 (using .../libgnutls26_2.8.6-1+squeeze2_i386.deb) ...
Unpacking replacement libgnutls26 ...
Preparing to replace libgssrpc4 1.8.3+dfsg-4squeeze5 (using .../libgssrpc4_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libgssrpc4 ...
Preparing to replace libkadm5clnt-mit7 1.8.3+dfsg-4squeeze5 (using .../libkadm5clnt-mit7_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libkadm5clnt-mit7 ...
Preparing to replace libkdb5-4 1.8.3+dfsg-4squeeze5 (using .../libkdb5-4_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libkdb5-4 ...
Preparing to replace libkadm5srv-mit7 1.8.3+dfsg-4squeeze5 (using .../libkadm5srv-mit7_1.8.3+dfsg-4squeeze6_i386.deb) ...
Unpacking replacement libkadm5srv-mit7 ...
Preparing to replace locales 2.11.2-10 (using .../locales_2.11.3-4_all.deb) ...
Unpacking replacement locales ...
Preparing to replace nfs-common 1:1.2.2-4 (using .../nfs-common_1%3a1.2.2-4squeeze2_i386.deb) ...
Unpacking replacement nfs-common ...
Preparing to replace openssh-server 1:5.5p1-6+squeeze1 (using .../openssh-server_1%3a5.5p1-6+squeeze2_i386.deb) ...
Unpacking replacement openssh-server ...
Preparing to replace openssh-client 1:5.5p1-6+squeeze1 (using .../openssh-client_1%3a5.5p1-6+squeeze2_i386.deb) ...
Unpacking replacement openssh-client ...
Preparing to replace python 2.6.6-3+squeeze6 (using .../python_2.6.6-3+squeeze7_all.deb) ...
Unpacking replacement python ...
Preparing to replace python-minimal 2.6.6-3+squeeze6 (using .../python-minimal_2.6.6-3+squeeze7_all.deb) ...
Unpacking replacement python-minimal ...
Preparing to replace libcurl3 7.21.0-2 (using .../libcurl3_7.21.0-2.1+squeeze2_i386.deb) ...
Unpacking replacement libcurl3 ...
Preparing to replace curl 7.21.0-2 (using .../curl_7.21.0-2.1+squeeze2_i386.deb) ...
Unpacking replacement curl ...
Preparing to replace libexpat1 2.0.1-7 (using .../libexpat1_2.0.1-7+squeeze1_i386.deb) ...
Unpacking replacement libexpat1 ...
Preparing to replace openssl 0.9.8o-4squeeze5 (using .../openssl_0.9.8o-4squeeze13_i386.deb) ...
Unpacking replacement openssl ...
Processing triggers for man-db ...
Setting up libc6-i686 (2.11.3-4) ...
Setting up isc-dhcp-common (4.1.1-P1-15+squeeze8) ...
Setting up isc-dhcp-client (4.1.1-P1-15+squeeze8) ...
Setting up libssl0.9.8 (0.9.8o-4squeeze13) ...
Setting up module-init-tools (3.12-2+b1) ...
Setting up procps (1:3.2.8-9squeeze1) ...
Setting kernel variables ...done.
Setting up at (3.1.12-1+squeeze1) ...
Starting deferred execution scheduler: atd.
Setting up libkrb5support0 (1.8.3+dfsg-4squeeze6) ...
Setting up libk5crypto3 (1.8.3+dfsg-4squeeze6) ...
Setting up libkrb5-3 (1.8.3+dfsg-4squeeze6) ...
Setting up libgssapi-krb5-2 (1.8.3+dfsg-4squeeze6) ...
Setting up libxml2 (2.7.8.dfsg-2+squeeze6) ...
Setting up libisc62 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up libdns69 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up libisccc60 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up libisccfg62 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up libbind9-60 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up liblwres60 (1:9.7.3.dfsg-1~squeeze8) ...
Setting up bind9-host (1:9.7.3.dfsg-1~squeeze8) ...
Setting up host (1:9.7.3.dfsg-1~squeeze8) ...
Setting up dnsutils (1:9.7.3.dfsg-1~squeeze8) ...
Setting up libmagic1 (5.04-5+squeeze2) ...
Setting up file (5.04-5+squeeze2) ...
Setting up libgc1c2 (1:6.8-2) ...
Setting up libtasn1-3 (2.7-1+squeeze+1) ...
Setting up libgnutls26 (2.8.6-1+squeeze2) ...
Setting up libgssrpc4 (1.8.3+dfsg-4squeeze6) ...
Setting up libkadm5clnt-mit7 (1.8.3+dfsg-4squeeze6) ...
Setting up libkdb5-4 (1.8.3+dfsg-4squeeze6) ...
Setting up libkadm5srv-mit7 (1.8.3+dfsg-4squeeze6) ...
Setting up locales (2.11.3-4) ...
Generating locales (this might take a while)...
en_AU.UTF-8... done
en_BW.UTF-8... done
en_CA.UTF-8... done
en_DK.UTF-8... done
en_GB.UTF-8... done
en_HK.UTF-8... done
en_IE.UTF-8... done
en_IN.UTF-8... done
en_NG.UTF-8... done
en_NZ.UTF-8... done
en_PH.UTF-8... done
en_SG.UTF-8... done
en_US.UTF-8... done
en_ZA.UTF-8... done
en_ZW.UTF-8... done
Generation complete.
Setting up nfs-common (1:1.2.2-4squeeze2) ...
Stopping NFS common utilities: statd.
Starting NFS common utilities: statd.
Setting up openssh-client (1:5.5p1-6+squeeze2) ...
Setting up openssh-server (1:5.5p1-6+squeeze2) ...
Restarting OpenBSD Secure Shell server: sshd.
Setting up python-minimal (2.6.6-3+squeeze7) ...
Setting up python (2.6.6-3+squeeze7) ...
Setting up libcurl3 (7.21.0-2.1+squeeze2) ...
Setting up curl (7.21.0-2.1+squeeze2) ...
Setting up libexpat1 (2.0.1-7+squeeze1) ...
Setting up openssl (0.9.8o-4squeeze13) ...
Setting up perl-modules (5.10.1-17squeeze4) ...
Setting up perl (5.10.1-17squeeze4) ...
==========
install the kernel metapackage
apt-get install linux-image-2.6.32-5-686
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
firmware-linux-free initramfs-tools klibc-utils libklibc libuuid-perl linux-base
Suggested packages:
linux-doc-2.6.32 grub lilo
The following NEW packages will be installed:
firmware-linux-free initramfs-tools klibc-utils libklibc libuuid-perl linux-base
linux-image-2.6.32-5-686
0 upgraded, 7 newly installed, 0 to remove and 0 not upgraded.
Need to get 28.3 MB of archives.
After this operation, 81.5 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.us.debian.org/debian/ squeeze/main libuuid-perl i386 0.02-4 [10.1 kB]
Get:2 http://ftp.us.debian.org/debian/ squeeze/main linux-base all 2.6.32-46 [180 kB]
Get:3 http://ftp.us.debian.org/debian/ squeeze/main libklibc i386 1.5.20-1+squeeze1 [51.3 kB]
Get:4 http://ftp.us.debian.org/debian/ squeeze/main klibc-utils i386 1.5.20-1+squeeze1 [159 kB]
Get:5 http://ftp.us.debian.org/debian/ squeeze/main initramfs-tools all 0.98.8 [89.5 kB]
Get:6 http://ftp.us.debian.org/debian/ squeeze/main linux-image-2.6.32-5-686 i386 2.6.32-46 [27.7 MB]
Get:7 http://ftp.us.debian.org/debian/ squeeze/main firmware-linux-free all 2.6.32-46 [158 kB]
Fetched 28.3 MB in 1s (14.7 MB/s)
Preconfiguring packages ...
Selecting previously deselected package libuuid-perl.
(Reading database ... 19877 files and directories currently installed.)
Unpacking libuuid-perl (from .../libuuid-perl_0.02-4_i386.deb) ...
Selecting previously deselected package linux-base.
Unpacking linux-base (from .../linux-base_2.6.32-46_all.deb) ...
Selecting previously deselected package libklibc.
Unpacking libklibc (from .../libklibc_1.5.20-1+squeeze1_i386.deb) ...
Selecting previously deselected package klibc-utils.
Unpacking klibc-utils (from .../klibc-utils_1.5.20-1+squeeze1_i386.deb) ...
Selecting previously deselected package initramfs-tools.
Unpacking initramfs-tools (from .../initramfs-tools_0.98.8_all.deb) ...
Selecting previously deselected package linux-image-2.6.32-5-686.
Unpacking linux-image-2.6.32-5-686 (from .../linux-image-2.6.32-5-686_2.6.32-46_i386.deb) ...
Selecting previously deselected package firmware-linux-free.
Unpacking firmware-linux-free (from .../firmware-linux-free_2.6.32-46_all.deb) ...
Processing triggers for man-db ...
Setting up libuuid-perl (0.02-4) ...
Setting up linux-base (2.6.32-46) ...
Setting up libklibc (1.5.20-1+squeeze1) ...
Setting up klibc-utils (1.5.20-1+squeeze1) ...
Setting up initramfs-tools (0.98.8) ...
update-initramfs: deferring update (trigger activated)
Setting up linux-image-2.6.32-5-686 (2.6.32-46) ...
Running depmod.
Running update-initramfs.
update-initramfs: Generating /boot/initrd.img-2.6.32-5-686
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 2.6.32-5-686 /boot/vmlinuz-2.6.32-5-686
Setting up firmware-linux-free (2.6.32-46) ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-2.6.32-5-686
=========
(apt-get install linux-image-2.6.32-5-amd64 for AMD64 based 64-bit machines)
test that the new kernel metapackage is installed (pray you see output)
dpkg -l "linux-image*" | grep ^ii
I get one line that starts with "ii" followed by the package name, the dotted numeric version, and a short text description.
verify everything is in good order (no output is what you want)
dpkg --audit
aptitude search "~ahold"
apt-get clean
reboot in the linode console
edit /etc/apt/sources.list
vi /etc/apt/sources.list
-----/etc/apt/sources.list-----
#
# deb cdrom:[Debian GNU/Linux 6.0.3 _Squeeze_ - Official i386 NETINST Binary-1 20111008-19:55]/ squeeze main
#deb cdrom:[Debian GNU/Linux 6.0.3 _Squeeze_ - Official i386 NETINST Binary-1 20111008-19:55]/ squeeze main
#deb http://ftp.us.debian.org/debian/ squeeze main
#deb-src http://ftp.us.debian.org/debian/ squeeze main
#deb http://security.debian.org/ squeeze/updates main
#deb-src http://security.debian.org/ squeeze/updates main
# squeeze-updates, previously known as 'volatile'
#deb http://ftp.us.debian.org/debian/ squeeze-updates main
#deb-src http://ftp.us.debian.org/debian/ squeeze-updates main
###################
## Debian Testing ##
###################
# Testing
#deb http://ftp.debian.org/debian/ testing main contrib non-free
#deb-src http://ftp.debian.org/debian/ testing main contrib non-free
# Testing Security http://secure-testing-master.debian.net/
#deb http://security.debian.org wheezy/updates main contrib non-free
#deb-src http://security.debian.org testing/updates main contrib non-free
###################
## Debian Wheezy ##
###################
# Wheezy
deb http://ftp.debian.org/debian/ wheezy main contrib non-free
#deb-src http://ftp.debian.org/debian/ wheezy main contrib non-free
# Wheezy Security http://secure-testing-master.debian.net/
deb http://security.debian.org wheezy/updates main contrib non-free
#deb-src http://security.debian.org wheezy/updates main contrib non-free
----------
update the system
apt-get update
=====Output=====
Get:1 http://security.debian.org wheezy/updates Release.gpg [836 B]
Ign http://security.debian.org/ wheezy/updates/contrib Translation-en
Ign http://security.debian.org/ wheezy/updates/contrib Translation-en_US
Ign http://security.debian.org/ wheezy/updates/main Translation-en
Ign http://security.debian.org/ wheezy/updates/main Translation-en_US
Ign http://security.debian.org/ wheezy/updates/non-free Translation-en
Ign http://security.debian.org/ wheezy/updates/non-free Translation-en_US
Get:2 http://security.debian.org wheezy/updates Release [101 kB]
Get:3 http://ftp.debian.org wheezy Release.gpg [836 B]
Ign http://ftp.debian.org/debian/ wheezy/contrib Translation-en
Ign http://ftp.debian.org/debian/ wheezy/contrib Translation-en_US
Get:4 http://security.debian.org wheezy/updates/main i386 Packages [20 B]
Ign http://ftp.debian.org/debian/ wheezy/main Translation-en
Ign http://ftp.debian.org/debian/ wheezy/main Translation-en_US
Ign http://ftp.debian.org/debian/ wheezy/non-free Translation-en
Ign http://ftp.debian.org/debian/ wheezy/non-free Translation-en_US
Get:5 http://ftp.debian.org wheezy Release [215 kB]
Get:6 http://security.debian.org wheezy/updates/contrib i386 Packages [20 B]
Get:7 http://security.debian.org wheezy/updates/non-free i386 Packages [20 B]
Get:8 http://ftp.debian.org wheezy/main i386 Packages [7,821 kB]
Get:9 http://ftp.debian.org wheezy/contrib i386 Packages [53.2 kB]
Get:10 http://ftp.debian.org wheezy/non-free i386 Packages [98.6 kB]
Fetched 8,290 kB in 5s (1,457 kB/s)
Reading package lists... Done
==========
run a distribution upgrade
apt-get dist-upgrade
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be REMOVED:
console-terminus libept1 portmap
The following NEW packages will be installed:
aptitude-common console-setup-linux dbus exim4-base exim4-config exim4-daemon-light fontconfig
fontconfig-config fonts-droid fonts-liberation gcc-4.7-base ghostscript gnuplot gnuplot-nox groff
gsfonts heirloom-mailx hicolor-icon-theme imagemagick imagemagick-common kmod krb5-locales
libapt-inst1.5 libapt-pkg4.12 libasprintf0c2 libavahi-client3 libavahi-common-data libavahi-common3
libbind9-80 libblas3 libblas3gf libboost-iostreams1.49.0 libcairo2 libclass-isa-perl libcroco3 libcups2
libcupsimage2 libdatrie1 libdb5.1 libdbus-1-3 libdjvulibre-text libdjvulibre21 libdns88 libept1.4.12
libevent-2.0-5 libexiv2-12 libffi5 libfontconfig1 libfreetype6 libgd2-noxpm libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-common libgfortran3 libglib2.0-0 libglib2.0-data libgomp1 libgs9 libgs9-common libice6
libijs-0.35 libilmbase6 libisc84 libisccc80 libisccfg82 libjasper1 libjbig0 libjbig2dec0 libjpeg8
libkmod2 liblcms1 liblcms2-2 liblensfun-data liblensfun0 liblinear-tools liblinear1 liblockfile-bin
liblqr-1-0 libltdl7 liblwres80 liblzma5 libmagickcore5 libmagickcore5-extra libmagickwand5 libmount1
libnetpbm10 libopenexr6 libp11-kit0 libpam-modules-bin libpango1.0-0 libpaper-utils libpaper1
libpipeline1 libpixman-1-0 libpng12-0 libprocps0 libquadmath0 librsvg2-2 librsvg2-common librtmp0
libsemanage-common libsemanage1 libsm6 libssl1.0.0 libsvm-tools libswitch-perl libsystemd-login0
libthai-data libthai0 libtiff4 libtinfo5 libtirpc1 libustr-1.0-1 libwmf0.2-7 libx11-6 libx11-data
libxau6 libxaw7 libxcb-render0 libxcb-shm0 libxcb1 libxdmcp6 libxext6 libxft2 libxmu6 libxpm4
libxrender1 libxt6 multiarch-support netpbm poppler-data psutils python-chardet python-debian
python-debianbts python-fpconst python-soappy python2.7 python2.7-minimal rpcbind shared-mime-info
ttf-dejavu-core ufraw-batch x11-common
The following packages will be upgraded:
adduser apt apt-listchanges apt-utils aptitude arping at base-files base-passwd bash bash-completion
bind9-host bsdmainutils bsdutils busybox ca-certificates console-setup coreutils cpio cron curl dash
debconf debconf-i18n debian-archive-keyring debian-faq debianutils diffutils discover dmidecode dmsetup
dnsutils dpkg e2fslibs e2fsprogs eject file findutils firmware-linux-free ftp gcc-4.4-base
geoip-database gettext-base gnupg gpgv grep groff-base gzip host hostname ifupdown info initramfs-tools
initscripts insserv install-info installation-report iproute iptables iputils-ping isc-dhcp-client
isc-dhcp-common iso-codes kbd keyboard-configuration klibc-utils less libacl1 libattr1 libblkid1
libbsd0 libbz2-1.0 libc-bin libc6 libc6-i686 libcap2 libcomerr2 libcurl3 libcwidget3 libdevmapper1.02.1
libdiscover2 libedit2 libexpat1 libgc1c2 libgcc1 libgcrypt11 libgdbm3 libgeoip1 libgnutls26
libgpg-error0 libgpm2 libgssapi-krb5-2 libgssglue1 libgssrpc4 libidn11 libk5crypto3 libkeyutils1
libklibc libkrb5-3 libkrb5support0 libldap-2.4-2 liblocale-gettext-perl liblockfile1 liblua5.1-0
libmagic1 libncurses5 libncursesw5 libnet1 libnewt0.52 libnfnetlink0 libnfsidmap2 libopts25
libpam-modules libpam-runtime libpam0g libpcap0.8 libpci3 libpcre3 libpopt0 libreadline6 librpcsecgss3
libsasl2-2 libsasl2-modules libselinux1 libsepol1 libsigc++-2.0-0c2a libslang2 libsqlite3-0 libss2
libssh2-1 libstdc++6 libtasn1-3 libtext-charwidth-perl libtext-iconv-perl libudev0 libusb-0.1-4
libuuid-perl libuuid1 libwrap0 libxapian22 libxml2 linux-base locales login logrotate lsb-base
lsb-release lsof m4 man-db manpages mawk mime-support mingetty mlocate module-init-tools mount mtr-tiny
nano ncurses-base ncurses-bin ncurses-term net-tools netbase netcat-traditional nfs-common nmap ntp
openssh-blacklist openssh-blacklist-extra openssh-client openssh-server openssl passwd pciutils perl
perl-base perl-modules procps psmisc python python-apt python-apt-common python-central python-minimal
python-reportbug python-support python2.6 python2.6-minimal readline-common reportbug rsyslog sed
sensible-utils sgml-base sysv-rc sysvinit sysvinit-utils tar tasksel tasksel-data tcpd texinfo time
traceroute tzdata ucf udev util-linux vim vim-common vim-runtime vim-tiny w3m wamerican wget whiptail
whois xkb-data xml-core xz-utils zlib1g
222 upgraded, 143 newly installed, 3 to remove and 0 not upgraded.
Need to get 163 MB of archives.
After this operation, 154 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.debian.org/debian/ wheezy/main locales all 2.13-37 [5,713 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main libc-bin i386 2.13-37 [1,212 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main libc6 i386 2.13-37 [3,933 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main libc6-i686 i386 2.13-37 [1,253 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main debconf all 1.5.49 [171 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main gcc-4.7-base i386 4.7.2-5 [143 kB]
Get:7 http://ftp.debian.org/debian/ wheezy/main multiarch-support i386 2.13-37 [149 kB]
Get:8 http://ftp.debian.org/debian/ wheezy/main libgcc1 i386 1:4.7.2-5 [53.3 kB]
Get:9 http://ftp.debian.org/debian/ wheezy/main lsb-base all 4.1+Debian8 [26.3 kB]
Get:10 http://ftp.debian.org/debian/ wheezy/main kbd i386 1.15.3-9 [451 kB]
Get:11 http://ftp.debian.org/debian/ wheezy/main libswitch-perl all 2.16-2 [21.0 kB]
Get:12 http://ftp.debian.org/debian/ wheezy/main libclass-isa-perl all 0.36-3 [12.3 kB]
Get:13 http://ftp.debian.org/debian/ wheezy/main perl-modules all 5.14.2-16 [3,439 kB]
Get:14 http://ftp.debian.org/debian/ wheezy/main libdb5.1 i386 5.1.29-5 [757 kB]
Get:15 http://ftp.debian.org/debian/ wheezy/main libbz2-1.0 i386 1.0.6-4 [46.3 kB]
Get:16 http://ftp.debian.org/debian/ wheezy/main liblzma5 i386 5.1.1alpha+20120614-2 [208 kB]
Get:17 http://ftp.debian.org/debian/ wheezy/main libpam0g i386 1.1.3-7.1 [127 kB]
Get:18 http://ftp.debian.org/debian/ wheezy/main libselinux1 i386 2.1.9-5 [89.9 kB]
Get:19 http://ftp.debian.org/debian/ wheezy/main sensible-utils all 0.0.7 [8,850 B]
Get:20 http://ftp.debian.org/debian/ wheezy/main debianutils i386 4.3.2 [79.7 kB]
Get:21 http://ftp.debian.org/debian/ wheezy/main libsemanage-common all 2.1.6-6 [23.2 kB]
Get:22 http://ftp.debian.org/debian/ wheezy/main libsepol1 i386 2.1.4-3 [136 kB]
Get:23 http://ftp.debian.org/debian/ wheezy/main libustr-1.0-1 i386 1.0.4-3 [90.4 kB]
Get:24 http://ftp.debian.org/debian/ wheezy/main libsemanage1 i386 2.1.6-6 [102 kB]
Get:25 http://ftp.debian.org/debian/ wheezy/main libpam-modules-bin i386 1.1.3-7.1 [113 kB]
Get:26 http://ftp.debian.org/debian/ wheezy/main libpam-modules i386 1.1.3-7.1 [338 kB]
Get:27 http://ftp.debian.org/debian/ wheezy/main passwd i386 1:4.1.5.1-1 [1,235 kB]
Get:28 http://ftp.debian.org/debian/ wheezy/main adduser all 3.113+nmu3 [264 kB]
Get:29 http://ftp.debian.org/debian/ wheezy/main libpam-runtime all 1.1.3-7.1 [228 kB]
Get:30 http://ftp.debian.org/debian/ wheezy/main cron i386 3.0pl1-124 [106 kB]
Get:31 http://ftp.debian.org/debian/ wheezy/main dpkg i386 1.16.9 [2,546 kB]
Get:32 http://ftp.debian.org/debian/ wheezy/main install-info i386 4.13a.dfsg.1-10 [147 kB]
Get:33 http://ftp.debian.org/debian/ wheezy/main libgdbm3 i386 1.8.3-11 [46.6 kB]
Get:34 http://ftp.debian.org/debian/ wheezy/main zlib1g i386 1:1.2.7.dfsg-13 [91.0 kB]
Get:35 http://ftp.debian.org/debian/ wheezy/main perl i386 5.14.2-16 [3,701 kB]
Get:36 http://ftp.debian.org/debian/ wheezy/main libuuid1 i386 2.20.1-5.3 [57.9 kB]
Get:37 http://ftp.debian.org/debian/ wheezy/main libuuid-perl i386 0.02-5 [9,742 B]
Get:38 http://ftp.debian.org/debian/ wheezy/main libtext-charwidth-perl i386 0.04-7+b1 [11.1 kB]
Get:39 http://ftp.debian.org/debian/ wheezy/main libtext-iconv-perl i386 1.7-5 [17.3 kB]
Get:40 http://ftp.debian.org/debian/ wheezy/main perl-base i386 5.14.2-16 [1,494 kB]
Get:41 http://ftp.debian.org/debian/ wheezy/main liblocale-gettext-perl i386 1.05-7+b1 [20.3 kB]
Get:42 http://ftp.debian.org/debian/ wheezy/main netbase all 5.0 [20.1 kB]
Get:43 http://ftp.debian.org/debian/ wheezy/main ifupdown i386 0.7.5 [63.4 kB]
Get:44 http://ftp.debian.org/debian/ wheezy/main iproute i386 20120521-3 [460 kB]
Get:45 http://ftp.debian.org/debian/ wheezy/main console-setup all 1.88 [122 kB]
Get:46 http://ftp.debian.org/debian/ wheezy/main initramfs-tools all 0.109 [91.2 kB]
Get:47 http://ftp.debian.org/debian/ wheezy/main klibc-utils i386 2.0.1-3.1 [189 kB]
Get:48 http://ftp.debian.org/debian/ wheezy/main libklibc i386 2.0.1-3.1 [58.5 kB]
Get:49 http://ftp.debian.org/debian/ wheezy/main libkmod2 i386 9-2 [50.1 kB]
Get:50 http://ftp.debian.org/debian/ wheezy/main module-init-tools all 9-2 [1,792 B]
Get:51 http://ftp.debian.org/debian/ wheezy/main kmod i386 9-2 [59.9 kB]
Get:52 http://ftp.debian.org/debian/ wheezy/main cpio i386 2.11+dfsg-0.1 [267 kB]
Get:53 http://ftp.debian.org/debian/ wheezy/main linux-base all 3.5 [34.3 kB]
Get:54 http://ftp.debian.org/debian/ wheezy/main udev i386 175-7 [375 kB]
Get:55 http://ftp.debian.org/debian/ wheezy/main libudev0 i386 175-7 [128 kB]
Get:56 http://ftp.debian.org/debian/ wheezy/main libblkid1 i386 2.20.1-5.3 [128 kB]
Get:57 http://ftp.debian.org/debian/ wheezy/main libslang2 i386 2.2.4-15 [535 kB]
Get:58 http://ftp.debian.org/debian/ wheezy/main libtinfo5 i386 5.9-10 [269 kB]
Get:59 http://ftp.debian.org/debian/ wheezy/main tzdata all 2012j-1 [500 kB]
Get:60 http://ftp.debian.org/debian/ wheezy/main util-linux i386 2.20.1-5.3 [659 kB]
Get:61 http://ftp.debian.org/debian/ wheezy/main libprocps0 i386 1:3.3.3-2 [56.7 kB]
Get:62 http://ftp.debian.org/debian/ wheezy/main libncurses5 i386 5.9-10 [117 kB]
Get:63 http://ftp.debian.org/debian/ wheezy/main libncursesw5 i386 5.9-10 [149 kB]
Get:64 http://ftp.debian.org/debian/ wheezy/main procps i386 1:3.3.3-2 [244 kB]
Get:65 http://ftp.debian.org/debian/ wheezy/main libevent-2.0-5 i386 2.0.19-stable-3 [171 kB]
Get:66 http://ftp.debian.org/debian/ wheezy/main libmount1 i386 2.20.1-5.3 [121 kB]
Get:67 http://ftp.debian.org/debian/ wheezy/main libgssglue1 i386 0.4-2 [26.1 kB]
Get:68 http://ftp.debian.org/debian/ wheezy/main libtirpc1 i386 0.2.2-5 [87.9 kB]
Get:69 http://ftp.debian.org/debian/ wheezy/main insserv i386 1.14.0-5 [64.7 kB]
Get:70 http://ftp.debian.org/debian/ wheezy/main nfs-common i386 1:1.2.6-3 [281 kB]
Get:71 http://ftp.debian.org/debian/ wheezy/main rsyslog i386 5.8.11-2 [549 kB]
Get:72 http://ftp.debian.org/debian/ wheezy/main initscripts i386 2.88dsf-34 [90.5 kB]
Get:73 http://ftp.debian.org/debian/ wheezy/main rpcbind i386 0.2.0-8 [44.8 kB]
Get:74 http://ftp.debian.org/debian/ wheezy/main tcpd i386 7.6.q-24 [27.5 kB]
Get:75 http://ftp.debian.org/debian/ wheezy/main libwrap0 i386 7.6.q-24 [62.2 kB]
Get:76 http://ftp.debian.org/debian/ wheezy/main libattr1 i386 1:2.4.46-8 [19.5 kB]
Get:77 http://ftp.debian.org/debian/ wheezy/main libcap2 i386 1:2.22-1.2 [14.0 kB]
Get:78 http://ftp.debian.org/debian/ wheezy/main libcomerr2 i386 1.42.5-1 [55.9 kB]
Get:79 http://ftp.debian.org/debian/ wheezy/main dmsetup i386 2:1.02.74-4 [67.9 kB]
Get:80 http://ftp.debian.org/debian/ wheezy/main libdevmapper1.02.1 i386 2:1.02.74-4 [125 kB]
Get:81 http://ftp.debian.org/debian/ wheezy/main libkeyutils1 i386 1.5.5-3 [8,576 B]
Get:82 http://ftp.debian.org/debian/ wheezy/main libgssapi-krb5-2 i386 1.10.1+dfsg-3 [149 kB]
Get:83 http://ftp.debian.org/debian/ wheezy/main libk5crypto3 i386 1.10.1+dfsg-3 [108 kB]
Get:84 http://ftp.debian.org/debian/ wheezy/main libkrb5-3 i386 1.10.1+dfsg-3 [403 kB]
Get:85 http://ftp.debian.org/debian/ wheezy/main libkrb5support0 i386 1.10.1+dfsg-3 [49.3 kB]
Get:86 http://ftp.debian.org/debian/ wheezy/main libp11-kit0 i386 0.12-3 [51.8 kB]
Get:87 http://ftp.debian.org/debian/ wheezy/main libgpg-error0 i386 1.10-3.1 [79.2 kB]
Get:88 http://ftp.debian.org/debian/ wheezy/main libgnutls26 i386 2.12.20-2 [604 kB]
Get:89 http://ftp.debian.org/debian/ wheezy/main libgcrypt11 i386 1.5.0-3 [299 kB]
Get:90 http://ftp.debian.org/debian/ wheezy/main libtasn1-3 i386 2.13-2 [67.5 kB]
Get:91 http://ftp.debian.org/debian/ wheezy/main libssl1.0.0 i386 1.0.1c-4 [3,021 kB]
Get:92 http://ftp.debian.org/debian/ wheezy/main libsasl2-modules i386 2.1.25.dfsg1-6 [114 kB]
Get:93 http://ftp.debian.org/debian/ wheezy/main libsasl2-2 i386 2.1.25.dfsg1-6 [120 kB]
Get:94 http://ftp.debian.org/debian/ wheezy/main libldap-2.4-2 i386 2.4.31-1 [242 kB]
Get:95 http://ftp.debian.org/debian/ wheezy/main libnfsidmap2 i386 0.25-4 [36.6 kB]
Get:96 http://ftp.debian.org/debian/ wheezy/main libacl1 i386 2.2.51-8 [30.5 kB]
Get:97 http://ftp.debian.org/debian/ wheezy/main coreutils i386 8.13-3.5 [5,518 kB]
Get:98 http://ftp.debian.org/debian/ wheezy/main ucf all 3.0025+nmu3 [70.8 kB]
Get:99 http://ftp.debian.org/debian/ wheezy/main sysvinit-utils i386 2.88dsf-34 [98.9 kB]
Get:100 http://ftp.debian.org/debian/ wheezy/main sysv-rc all 2.88dsf-34 [80.2 kB]
Get:101 http://ftp.debian.org/debian/ wheezy/main mount i386 2.20.1-5.3 [212 kB]
Get:102 http://ftp.debian.org/debian/ wheezy/main keyboard-configuration all 1.88 [607 kB]
Get:103 http://ftp.debian.org/debian/ wheezy/main console-setup-linux all 1.88 [995 kB]
Get:104 http://ftp.debian.org/debian/ wheezy/main xkb-data all 2.5.1-3 [645 kB]
Get:105 http://ftp.debian.org/debian/ wheezy/main aptitude i386 0.6.8.2-1 [1,456 kB]
Get:106 http://ftp.debian.org/debian/ wheezy/main aptitude-common all 0.6.8.2-1 [1,497 kB]
Get:107 http://ftp.debian.org/debian/ wheezy/main libstdc++6 i386 4.7.2-5 [346 kB]
Get:108 http://ftp.debian.org/debian/ wheezy/main libapt-inst1.5 i386 0.9.7.7 [165 kB]
Get:109 http://ftp.debian.org/debian/ wheezy/main python2.7-minimal i386 2.7.3-6 [1,716 kB]
Get:110 http://ftp.debian.org/debian/ wheezy/main libexpat1 i386 2.1.0-1 [140 kB]
Get:111 http://ftp.debian.org/debian/ wheezy/main mime-support all 3.52-1 [35.5 kB]
Get:112 http://ftp.debian.org/debian/ wheezy/main readline-common all 6.2+dfsg-0.1 [31.9 kB]
Get:113 http://ftp.debian.org/debian/ wheezy/main libreadline6 i386 6.2+dfsg-0.1 [162 kB]
Get:114 http://ftp.debian.org/debian/ wheezy/main libsqlite3-0 i386 3.7.13-1 [464 kB]
Get:115 http://ftp.debian.org/debian/ wheezy/main python2.7 i386 2.7.3-6 [2,718 kB]
Get:116 http://ftp.debian.org/debian/ wheezy/main python-support all 1.0.15 [33.6 kB]
Get:117 http://ftp.debian.org/debian/ wheezy/main python-apt-common all 0.8.8.1 [113 kB]
Get:118 http://ftp.debian.org/debian/ wheezy/main python-apt i386 0.8.8.1 [314 kB]
Get:119 http://ftp.debian.org/debian/ wheezy/main python all 2.7.3~rc2-1 [179 kB]
Get:120 http://ftp.debian.org/debian/ wheezy/main python-minimal all 2.7.3~rc2-1 [40.4 kB]
Get:121 http://ftp.debian.org/debian/ wheezy/main apt-utils i386 0.9.7.7 [379 kB]
Get:122 http://ftp.debian.org/debian/ wheezy/main gpgv i386 1.4.12-7 [220 kB]
Get:123 http://ftp.debian.org/debian/ wheezy/main debian-archive-keyring all 2012.4 [30.4 kB]
Get:124 http://ftp.debian.org/debian/ wheezy/main libusb-0.1-4 i386 2:0.1.12-20+nmu1 [22.8 kB]
Get:125 http://ftp.debian.org/debian/ wheezy/main gnupg i386 1.4.12-7 [1,938 kB]
Get:126 http://ftp.debian.org/debian/ wheezy/main libapt-pkg4.12 i386 0.9.7.7 [899 kB]
Get:127 http://ftp.debian.org/debian/ wheezy/main apt i386 0.9.7.7 [1,260 kB]
Get:128 http://ftp.debian.org/debian/ wheezy/main libboost-iostreams1.49.0 i386 1.49.0-3.1 [60.2 kB]
Get:129 http://ftp.debian.org/debian/ wheezy/main libsigc++-2.0-0c2a i386 2.2.10-0.2 [43.0 kB]
Get:130 http://ftp.debian.org/debian/ wheezy/main libcwidget3 i386 0.5.16-3.4 [409 kB]
Get:131 http://ftp.debian.org/debian/ wheezy/main libxapian22 i386 1.2.12-2 [2,034 kB]
Get:132 http://ftp.debian.org/debian/ wheezy/main libept1.4.12 i386 1.0.9 [212 kB]
Get:133 http://ftp.debian.org/debian/ wheezy/main base-files i386 7.1 [77.0 kB]
Get:134 http://ftp.debian.org/debian/ wheezy/main bash i386 4.2+dfsg-0.1 [1,475 kB]
Get:135 http://ftp.debian.org/debian/ wheezy/main dash i386 0.5.7-3 [109 kB]
Get:136 http://ftp.debian.org/debian/ wheezy/main diffutils i386 1:3.2-6 [363 kB]
Get:137 http://ftp.debian.org/debian/ wheezy/main e2fslibs i386 1.42.5-1 [211 kB]
Get:138 http://ftp.debian.org/debian/ wheezy/main e2fsprogs i386 1.42.5-1 [982 kB]
Get:139 http://ftp.debian.org/debian/ wheezy/main findutils i386 4.4.2-4 [623 kB]
Get:140 http://ftp.debian.org/debian/ wheezy/main grep i386 2.12-2 [456 kB]
Get:141 http://ftp.debian.org/debian/ wheezy/main gzip i386 1.5-1.1 [115 kB]
Get:142 http://ftp.debian.org/debian/ wheezy/main hostname i386 3.11 [14.7 kB]
Get:143 http://ftp.debian.org/debian/ wheezy/main login i386 1:4.1.5.1-1 [984 kB]
Get:144 http://ftp.debian.org/debian/ wheezy/main ncurses-bin i386 5.9-10 [332 kB]
Get:145 http://ftp.debian.org/debian/ wheezy/main sed i386 4.2.1-10 [250 kB]
Get:146 http://ftp.debian.org/debian/ wheezy/main sysvinit i386 2.88dsf-34 [130 kB]
Get:147 http://ftp.debian.org/debian/ wheezy/main tar i386 1.26+dfsg-0.1 [984 kB]
Get:148 http://ftp.debian.org/debian/ wheezy/main base-passwd i386 3.5.26 [47.1 kB]
Get:149 http://ftp.debian.org/debian/ wheezy/main bsdutils i386 1:2.20.1-5.3 [83.1 kB]
Get:150 http://ftp.debian.org/debian/ wheezy/main ncurses-base all 5.9-10 [198 kB]
Get:151 http://ftp.debian.org/debian/ wheezy/main libss2 i386 1.42.5-1 [60.7 kB]
Get:152 http://ftp.debian.org/debian/ wheezy/main libnewt0.52 i386 0.52.14-10 [71.8 kB]
Get:153 http://ftp.debian.org/debian/ wheezy/main libpipeline1 i386 1.2.1-1 [38.6 kB]
Get:154 http://ftp.debian.org/debian/ wheezy/main libpopt0 i386 1.16-7 [57.5 kB]
Get:155 http://ftp.debian.org/debian/ wheezy/main tasksel-data all 3.14 [20.8 kB]
Get:156 http://ftp.debian.org/debian/ wheezy/main tasksel all 3.14 [94.7 kB]
Get:157 http://ftp.debian.org/debian/ wheezy/main mawk i386 1.3.3-17 [87.3 kB]
Get:158 http://ftp.debian.org/debian/ wheezy/main bash-completion all 1:2.0-1 [193 kB]
Get:159 http://ftp.debian.org/debian/ wheezy/main gettext-base i386 0.18.1.1-9 [131 kB]
Get:160 http://ftp.debian.org/debian/ wheezy/main libasprintf0c2 i386 0.18.1.1-9 [26.7 kB]
Get:161 http://ftp.debian.org/debian/ wheezy/main libbsd0 i386 0.4.2-1 [60.3 kB]
Get:162 http://ftp.debian.org/debian/ wheezy/main libedit2 i386 2.11-20080614-5 [71.5 kB]
Get:163 http://ftp.debian.org/debian/ wheezy/main libgpm2 i386 1.20.4-6 [35.9 kB]
Get:164 http://ftp.debian.org/debian/ wheezy/main libgssrpc4 i386 1.10.1+dfsg-3 [87.2 kB]
Get:165 http://ftp.debian.org/debian/ wheezy/main libidn11 i386 1.25-2 [178 kB]
Get:166 http://ftp.debian.org/debian/ wheezy/main liblockfile1 i386 1.09-5 [15.5 kB]
Get:167 http://ftp.debian.org/debian/ wheezy/main liblockfile-bin i386 1.09-5 [18.6 kB]
Get:168 http://ftp.debian.org/debian/ wheezy/main file i386 5.11-2 [51.5 kB]
Get:169 http://ftp.debian.org/debian/ wheezy/main libmagic1 i386 5.11-2 [204 kB]
Get:170 http://ftp.debian.org/debian/ wheezy/main pciutils i386 1:3.1.9-6 [281 kB]
Get:171 http://ftp.debian.org/debian/ wheezy/main libpci3 i386 1:3.1.9-6 [58.3 kB]
Get:172 http://ftp.debian.org/debian/ wheezy/main libpcre3 i386 1:8.30-5 [240 kB]
Get:173 http://ftp.debian.org/debian/ wheezy/main librpcsecgss3 i386 0.19-5 [36.7 kB]
Get:174 http://ftp.debian.org/debian/ wheezy/main libxml2 i386 2.8.0+dfsg1-7 [893 kB]
Get:175 http://ftp.debian.org/debian/ wheezy/main geoip-database all 20130108-1 [1,432 kB]
Get:176 http://ftp.debian.org/debian/ wheezy/main imagemagick-common all 8:6.7.7.10-5 [128 kB]
Get:177 http://ftp.debian.org/debian/ wheezy/main libavahi-common-data i386 0.6.31-1 [137 kB]
Get:178 http://ftp.debian.org/debian/ wheezy/main libavahi-common3 i386 0.6.31-1 [55.1 kB]
Get:179 http://ftp.debian.org/debian/ wheezy/main libdbus-1-3 i386 1.6.8-1 [176 kB]
Get:180 http://ftp.debian.org/debian/ wheezy/main libavahi-client3 i386 0.6.31-1 [58.8 kB]
Get:181 http://ftp.debian.org/debian/ wheezy/main libfreetype6 i386 2.4.9-1.1 [454 kB]
Get:182 http://ftp.debian.org/debian/ wheezy/main ttf-dejavu-core all 2.33-3 [1,021 kB]
Get:183 http://ftp.debian.org/debian/ wheezy/main fontconfig-config all 2.9.0-7.1 [233 kB]
Get:184 http://ftp.debian.org/debian/ wheezy/main libfontconfig1 i386 2.9.0-7.1 [301 kB]
Get:185 http://ftp.debian.org/debian/ wheezy/main libpixman-1-0 i386 0.26.0-3 [442 kB]
Get:186 http://ftp.debian.org/debian/ wheezy/main libpng12-0 i386 1.2.49-1 [192 kB]
Get:187 http://ftp.debian.org/debian/ wheezy/main libxau6 i386 1:1.0.7-1 [18.6 kB]
Get:188 http://ftp.debian.org/debian/ wheezy/main libxdmcp6 i386 1:1.1.1-1 [27.0 kB]
Get:189 http://ftp.debian.org/debian/ wheezy/main libxcb1 i386 1.8.1-2 [54.1 kB]
Get:190 http://ftp.debian.org/debian/ wheezy/main libx11-data all 2:1.5.0-1 [189 kB]
Get:191 http://ftp.debian.org/debian/ wheezy/main libx11-6 i386 2:1.5.0-1 [907 kB]
Get:192 http://ftp.debian.org/debian/ wheezy/main libxcb-render0 i386 1.8.1-2 [19.5 kB]
Get:193 http://ftp.debian.org/debian/ wheezy/main libxcb-shm0 i386 1.8.1-2 [10.5 kB]
Get:194 http://ftp.debian.org/debian/ wheezy/main libxrender1 i386 1:0.9.7-1 [32.0 kB]
Get:195 http://ftp.debian.org/debian/ wheezy/main libcairo2 i386 1.12.2-2 [944 kB]
Get:196 http://ftp.debian.org/debian/ wheezy/main libffi5 i386 3.0.10-3 [21.0 kB]
Get:197 http://ftp.debian.org/debian/ wheezy/main libglib2.0-0 i386 2.33.12+really2.32.4-3 [1,830 kB]
Get:198 http://ftp.debian.org/debian/ wheezy/main libcroco3 i386 0.6.6-2 [133 kB]
Get:199 http://ftp.debian.org/debian/ wheezy/main libcups2 i386 1.5.3-2.13 [255 kB]
Get:200 http://ftp.debian.org/debian/ wheezy/main libjpeg8 i386 8d-1 [132 kB]
Get:201 http://ftp.debian.org/debian/ wheezy/main libjbig0 i386 2.0-2 [31.8 kB]
Get:202 http://ftp.debian.org/debian/ wheezy/main libtiff4 i386 3.9.6-11 [201 kB]
Get:203 http://ftp.debian.org/debian/ wheezy/main libcupsimage2 i386 1.5.3-2.13 [138 kB]
Get:204 http://ftp.debian.org/debian/ wheezy/main librtmp0 i386 2.4+20111222.git4e06e21-1 [62.7 kB]
Get:205 http://ftp.debian.org/debian/ wheezy/main libssh2-1 i386 1.4.2-1.1 [134 kB]
Get:206 http://ftp.debian.org/debian/ wheezy/main libcurl3 i386 7.26.0-1 [336 kB]
Get:207 http://ftp.debian.org/debian/ wheezy/main libdatrie1 i386 0.2.5-3 [29.8 kB]
Get:208 http://ftp.debian.org/debian/ wheezy/main libdjvulibre-text all 3.5.25.3-1 [78.1 kB]
Get:209 http://ftp.debian.org/debian/ wheezy/main libdjvulibre21 i386 3.5.25.3-1 [736 kB]
Get:210 http://ftp.debian.org/debian/ wheezy/main libgd2-noxpm i386 2.0.36~rc1~dfsg-6.1 [229 kB]
Get:211 http://ftp.debian.org/debian/ wheezy/main libjasper1 i386 1.900.1-13 [159 kB]
Get:212 http://ftp.debian.org/debian/ wheezy/main libgdk-pixbuf2.0-common all 2.26.1-1 [497 kB]
Get:213 http://ftp.debian.org/debian/ wheezy/main libgdk-pixbuf2.0-0 i386 2.26.1-1 [199 kB]
Get:214 http://ftp.debian.org/debian/ wheezy/main libquadmath0 i386 4.7.2-5 [198 kB]
Get:215 http://ftp.debian.org/debian/ wheezy/main libgfortran3 i386 4.7.2-5 [335 kB]
Get:216 http://ftp.debian.org/debian/ wheezy/main libgomp1 i386 4.7.2-5 [29.1 kB]
Get:217 http://ftp.debian.org/debian/ wheezy/main x11-common all 1:7.7+1 [278 kB]
Get:218 http://ftp.debian.org/debian/ wheezy/main libice6 i386 2:1.0.8-2 [61.7 kB]
Get:219 http://ftp.debian.org/debian/ wheezy/main liblcms1 i386 1.19.dfsg-1.2 [116 kB]
Get:220 http://ftp.debian.org/debian/ wheezy/main liblcms2-2 i386 2.2+git20110628-2.2 [146 kB]
Get:221 http://ftp.debian.org/debian/ wheezy/main liblqr-1-0 i386 0.4.1-2 [28.5 kB]
Get:222 http://ftp.debian.org/debian/ wheezy/main libltdl7 i386 2.4.2-1.1 [352 kB]
Get:223 http://ftp.debian.org/debian/ wheezy/main liblua5.1-0 i386 5.1.5-4 [186 kB]
Get:224 http://ftp.debian.org/debian/ wheezy/main libsm6 i386 2:1.2.1-2 [33.7 kB]
Get:225 http://ftp.debian.org/debian/ wheezy/main libxext6 i386 2:1.3.1-2 [55.2 kB]
Get:226 http://ftp.debian.org/debian/ wheezy/main libxt6 i386 1:1.1.3-1 [205 kB]
Get:227 http://ftp.debian.org/debian/ wheezy/main libmagickcore5 i386 8:6.7.7.10-5 [2,020 kB]
Get:228 http://ftp.debian.org/debian/ wheezy/main libilmbase6 i386 1.0.1-4 [124 kB]
Get:229 http://ftp.debian.org/debian/ wheezy/main libmagickwand5 i386 8:6.7.7.10-5 [419 kB]
Get:230 http://ftp.debian.org/debian/ wheezy/main libopenexr6 i386 1.6.1-6 [256 kB]
Get:231 http://ftp.debian.org/debian/ wheezy/main libthai-data all 0.1.18-2 [154 kB]
Get:232 http://ftp.debian.org/debian/ wheezy/main libthai0 i386 0.1.18-2 [42.7 kB]
Get:233 http://ftp.debian.org/debian/ wheezy/main libxft2 i386 2.3.1-1 [61.0 kB]
Get:234 http://ftp.debian.org/debian/ wheezy/main fontconfig i386 2.9.0-7.1 [348 kB]
Get:235 http://ftp.debian.org/debian/ wheezy/main libpango1.0-0 i386 1.30.0-1 [464 kB]
Get:236 http://ftp.debian.org/debian/ wheezy/main librsvg2-2 i386 2.36.1-1 [259 kB]
Get:237 http://ftp.debian.org/debian/ wheezy/main libwmf0.2-7 i386 0.2.8.4-10.2 [193 kB]
Get:238 http://ftp.debian.org/debian/ wheezy/main libmagickcore5-extra i386 8:6.7.7.10-5 [162 kB]
Get:239 http://ftp.debian.org/debian/ wheezy/main libpaper1 i386 1.1.24+nmu2 [21.9 kB]
Get:240 http://ftp.debian.org/debian/ wheezy/main libpcap0.8 i386 1.3.0-1 [141 kB]
Get:241 http://ftp.debian.org/debian/ wheezy/main libxmu6 i386 2:1.1.1-1 [66.7 kB]
Get:242 http://ftp.debian.org/debian/ wheezy/main libxpm4 i386 1:3.5.10-1 [50.0 kB]
Get:243 http://ftp.debian.org/debian/ wheezy/main libxaw7 i386 2:1.0.10-2 [226 kB]
Get:244 http://ftp.debian.org/debian/ wheezy/main libopts25 i386 1:5.12-0.1 [72.2 kB]
Get:245 http://ftp.debian.org/debian/ wheezy/main ntp i386 1:4.2.6.p5+dfsg-2 [542 kB]
Get:246 http://ftp.debian.org/debian/ wheezy/main openssh-blacklist all 0.4.1+nmu1 [1,835 kB]
Get:247 http://ftp.debian.org/debian/ wheezy/main openssh-blacklist-extra all 0.4.1+nmu1 [1,835 kB]
Get:248 http://ftp.debian.org/debian/ wheezy/main poppler-data all 0.4.5-10 [1,479 kB]
Get:249 http://ftp.debian.org/debian/ wheezy/main libsystemd-login0 i386 44-8 [29.2 kB]
Get:250 http://ftp.debian.org/debian/ wheezy/main xz-utils i386 5.1.1alpha+20120614-2 [238 kB]
Get:251 http://ftp.debian.org/debian/ wheezy/main bsdmainutils i386 9.0.3 [205 kB]
Get:252 http://ftp.debian.org/debian/ wheezy/main dmidecode i386 2.11-9 [71.3 kB]
Get:253 http://ftp.debian.org/debian/ wheezy/main groff-base i386 1.21-9 [1,131 kB]
Get:254 http://ftp.debian.org/debian/ wheezy/main info i386 4.13a.dfsg.1-10 [220 kB]
Get:255 http://ftp.debian.org/debian/ wheezy/main libnfnetlink0 i386 1.0.0-1.1 [14.9 kB]
Get:256 http://ftp.debian.org/debian/ wheezy/main iptables i386 1.4.14-3 [387 kB]
Get:257 http://ftp.debian.org/debian/ wheezy/main iputils-ping i386 3:20101006-1+b1 [55.2 kB]
Get:258 http://ftp.debian.org/debian/ wheezy/main isc-dhcp-client i386 4.2.2.dfsg.1-5+deb70u2 [792 kB]
Get:259 http://ftp.debian.org/debian/ wheezy/main isc-dhcp-common i386 4.2.2.dfsg.1-5+deb70u2 [852 kB]
Get:260 http://ftp.debian.org/debian/ wheezy/main logrotate i386 3.8.1-4 [49.5 kB]
Get:261 http://ftp.debian.org/debian/ wheezy/main man-db i386 2.6.2-1 [1,055 kB]
Get:262 http://ftp.debian.org/debian/ wheezy/main manpages all 3.44-1 [795 kB]
Get:263 http://ftp.debian.org/debian/ wheezy/main nano i386 2.2.6-1+b1 [582 kB]
Get:264 http://ftp.debian.org/debian/ wheezy/main net-tools i386 1.60-24.2 [336 kB]
Get:265 http://ftp.debian.org/debian/ wheezy/main netcat-traditional i386 1.10-40 [69.4 kB]
Get:266 http://ftp.debian.org/debian/ wheezy/main traceroute i386 1:2.0.18-3 [50.3 kB]
Get:267 http://ftp.debian.org/debian/ wheezy/main vim i386 2:7.3.547-6 [778 kB]
Get:268 http://ftp.debian.org/debian/ wheezy/main vim-tiny i386 2:7.3.547-6 [327 kB]
Get:269 http://ftp.debian.org/debian/ wheezy/main vim-runtime all 2:7.3.547-6 [4,606 kB]
Get:270 http://ftp.debian.org/debian/ wheezy/main vim-common i386 2:7.3.547-6 [162 kB]
Get:271 http://ftp.debian.org/debian/ wheezy/main wget i386 1.13.4-3 [764 kB]
Get:272 http://ftp.debian.org/debian/ wheezy/main whiptail i386 0.52.14-10 [33.1 kB]
Get:273 http://ftp.debian.org/debian/ wheezy/main debconf-i18n all 1.5.49 [237 kB]
Get:274 http://ftp.debian.org/debian/ wheezy/main apt-listchanges all 2.85.11 [88.7 kB]
Get:275 http://ftp.debian.org/debian/ wheezy/main at i386 3.1.13-2 [43.5 kB]
Get:276 http://ftp.debian.org/debian/ wheezy/main libgeoip1 i386 1.4.8+dfsg-3 [121 kB]
Get:277 http://ftp.debian.org/debian/ wheezy/main libisc84 i386 1:9.8.4.dfsg.P1-4 [181 kB]
Get:278 http://ftp.debian.org/debian/ wheezy/main libdns88 i386 1:9.8.4.dfsg.P1-4 [739 kB]
Get:279 http://ftp.debian.org/debian/ wheezy/main libisccc80 i386 1:9.8.4.dfsg.P1-4 [35.6 kB]
Get:280 http://ftp.debian.org/debian/ wheezy/main libisccfg82 i386 1:9.8.4.dfsg.P1-4 [59.0 kB]
Get:281 http://ftp.debian.org/debian/ wheezy/main libbind9-80 i386 1:9.8.4.dfsg.P1-4 [41.9 kB]
Get:282 http://ftp.debian.org/debian/ wheezy/main liblwres80 i386 1:9.8.4.dfsg.P1-4 [54.8 kB]
Get:283 http://ftp.debian.org/debian/ wheezy/main bind9-host i386 1:9.8.4.dfsg.P1-4 [71.5 kB]
Get:284 http://ftp.debian.org/debian/ wheezy/main debian-faq all 5.0.1 [637 kB]
Get:285 http://ftp.debian.org/debian/ wheezy/main host all 1:9.8.4.dfsg.P1-4 [20.0 kB]
Get:286 http://ftp.debian.org/debian/ wheezy/main dnsutils i386 1:9.8.4.dfsg.P1-4 [162 kB]
Get:287 http://ftp.debian.org/debian/ wheezy/main exim4-config all 4.80-7 [478 kB]
Get:288 http://ftp.debian.org/debian/ wheezy/main exim4-base i386 4.80-7 [1,037 kB]
Get:289 http://ftp.debian.org/debian/ wheezy/main exim4-daemon-light i386 4.80-7 [628 kB]
Get:290 http://ftp.debian.org/debian/ wheezy/main ftp i386 0.17-27 [58.2 kB]
Get:291 http://ftp.debian.org/debian/ wheezy/main krb5-locales all 1.10.1+dfsg-3 [1,502 kB]
Get:292 http://ftp.debian.org/debian/ wheezy/main less i386 444-4 [134 kB]
Get:293 http://ftp.debian.org/debian/ wheezy/main libgc1c2 i386 1:7.1-9.1 [137 kB]
Get:294 http://ftp.debian.org/debian/ wheezy/main lsof i386 4.86+dfsg-1 [312 kB]
Get:295 http://ftp.debian.org/debian/ wheezy/main m4 i386 1.4.16-3 [256 kB]
Get:296 http://ftp.debian.org/debian/ wheezy/main mlocate i386 0.23.1-1 [108 kB]
Get:297 http://ftp.debian.org/debian/ wheezy/main ncurses-term all 5.9-10 [602 kB]
Get:298 http://ftp.debian.org/debian/ wheezy/main openssh-server i386 1:6.0p1-3 [343 kB]
Get:299 http://ftp.debian.org/debian/ wheezy/main openssh-client i386 1:6.0p1-3 [1,046 kB]
Get:300 http://ftp.debian.org/debian/ wheezy/main reportbug all 6.4.3 [126 kB]
Get:301 http://ftp.debian.org/debian/ wheezy/main python2.6 i386 2.6.8-0.2 [2,474 kB]
Get:302 http://ftp.debian.org/debian/ wheezy/main python2.6-minimal i386 2.6.8-0.2 [1,511 kB]
Get:303 http://ftp.debian.org/debian/ wheezy/main python-chardet all 2.0.1-2 [177 kB]
Get:304 http://ftp.debian.org/debian/ wheezy/main python-debian all 0.1.21 [61.3 kB]
Get:305 http://ftp.debian.org/debian/ wheezy/main python-fpconst all 0.7.2-5 [5,538 B]
Get:306 http://ftp.debian.org/debian/ wheezy/main python-soappy all 0.12.0-4 [129 kB]
Get:307 http://ftp.debian.org/debian/ wheezy/main python-debianbts all 1.11 [8,256 B]
Get:308 http://ftp.debian.org/debian/ wheezy/main python-reportbug all 6.4.3 [136 kB]
Get:309 http://ftp.debian.org/debian/ wheezy/main texinfo i386 4.13a.dfsg.1-10 [971 kB]
Get:310 http://ftp.debian.org/debian/ wheezy/main time i386 1.7-24 [34.1 kB]
Get:311 http://ftp.debian.org/debian/ wheezy/main w3m i386 0.5.3-8 [1,246 kB]
Get:312 http://ftp.debian.org/debian/ wheezy/main wamerican all 7.1-1 [272 kB]
Get:313 http://ftp.debian.org/debian/ wheezy/main whois i386 5.0.20 [53.8 kB]
Get:314 http://ftp.debian.org/debian/ wheezy/main libnet1 i386 1.1.4-2.1 [62.7 kB]
Get:315 http://ftp.debian.org/debian/ wheezy/main arping i386 2.11-1 [26.2 kB]
Get:316 http://ftp.debian.org/debian/ wheezy/main busybox i386 1:1.20.0-7 [441 kB]
Get:317 http://ftp.debian.org/debian/ wheezy/main openssl i386 1.0.1c-4 [692 kB]
Get:318 http://ftp.debian.org/debian/ wheezy/main ca-certificates all 20120623 [183 kB]
Get:319 http://ftp.debian.org/debian/ wheezy/main curl i386 7.26.0-1 [269 kB]
Get:320 http://ftp.debian.org/debian/ wheezy/main dbus i386 1.6.8-1 [406 kB]
Get:321 http://ftp.debian.org/debian/ wheezy/main discover i386 2.1.2-5.2 [43.8 kB]
Get:322 http://ftp.debian.org/debian/ wheezy/main libdiscover2 i386 2.1.2-5.2 [104 kB]
Get:323 http://ftp.debian.org/debian/ wheezy/main eject i386 2.1.5+deb1+cvs20081104-13 [62.3 kB]
Get:324 http://ftp.debian.org/debian/ wheezy/main firmware-linux-free all 3.2 [20.7 kB]
Get:325 http://ftp.debian.org/debian/ wheezy/main fonts-droid all 20111207+git-1 [4,312 kB]
Get:326 http://ftp.debian.org/debian/ wheezy/main fonts-liberation all 1.07.2-6 [1,323 kB]
Get:327 http://ftp.debian.org/debian/ wheezy/main gcc-4.4-base i386 4.4.7-2 [126 kB]
Get:328 http://ftp.debian.org/debian/ wheezy/main libijs-0.35 i386 0.35-8 [20.7 kB]
Get:329 http://ftp.debian.org/debian/ wheezy/main libjbig2dec0 i386 0.11+20120125-1 [51.6 kB]
Get:330 http://ftp.debian.org/debian/ wheezy/main libgs9-common all 9.05~dfsg-6.3 [1,977 kB]
Get:331 http://ftp.debian.org/debian/ wheezy/main libgs9 i386 9.05~dfsg-6.3 [1,855 kB]
Get:332 http://ftp.debian.org/debian/ wheezy/main gsfonts all 1:8.11+urwcyr1.0.7~pre44-4.2 [3,364 kB]
Get:333 http://ftp.debian.org/debian/ wheezy/main ghostscript i386 9.05~dfsg-6.3 [80.0 kB]
Get:334 http://ftp.debian.org/debian/ wheezy/main gnuplot-nox i386 4.6.0-8 [928 kB]
Get:335 http://ftp.debian.org/debian/ wheezy/main gnuplot all 4.6.0-8 [73.9 kB]
Get:336 http://ftp.debian.org/debian/ wheezy/main groff i386 1.21-9 [3,563 kB]
Get:337 http://ftp.debian.org/debian/ wheezy/main heirloom-mailx i386 12.5-2 [265 kB]
Get:338 http://ftp.debian.org/debian/ wheezy/main hicolor-icon-theme all 0.12-1 [11.7 kB]
Get:339 http://ftp.debian.org/debian/ wheezy/main imagemagick i386 8:6.7.7.10-5 [284 kB]
Get:340 http://ftp.debian.org/debian/ wheezy/main installation-report all 2.49 [19.1 kB]
Get:341 http://ftp.debian.org/debian/ wheezy/main iso-codes all 3.40-1 [2,064 kB]
Get:342 http://ftp.debian.org/debian/ wheezy/main libblas3 i386 1.2.20110419-5 [213 kB]
Get:343 http://ftp.debian.org/debian/ wheezy/main libblas3gf all 1.2.20110419-5 [8,090 B]
Get:344 http://ftp.debian.org/debian/ wheezy/main libexiv2-12 i386 0.23-1 [798 kB]
Get:345 http://ftp.debian.org/debian/ wheezy/main libglib2.0-data all 2.33.12+really2.32.4-3 [1,607 kB]
Get:346 http://ftp.debian.org/debian/ wheezy/main liblinear1 i386 1.8+dfsg-1 [33.0 kB]
Get:347 http://ftp.debian.org/debian/ wheezy/main liblinear-tools i386 1.8+dfsg-1 [19.8 kB]
Get:348 http://ftp.debian.org/debian/ wheezy/main libnetpbm10 i386 2:10.0-15+b1 [92.3 kB]
Get:349 http://ftp.debian.org/debian/ wheezy/main libpaper-utils i386 1.1.24+nmu2 [18.1 kB]
Get:350 http://ftp.debian.org/debian/ wheezy/main librsvg2-common i386 2.36.1-1 [162 kB]
Get:351 http://ftp.debian.org/debian/ wheezy/main libsvm-tools i386 3.12-1 [114 kB]
Get:352 http://ftp.debian.org/debian/ wheezy/main lsb-release all 4.1+Debian8 [25.9 kB]
Get:353 http://ftp.debian.org/debian/ wheezy/main mingetty i386 1.08-2 [11.7 kB]
Get:354 http://ftp.debian.org/debian/ wheezy/main mtr-tiny i386 0.82-3 [39.9 kB]
Get:355 http://ftp.debian.org/debian/ wheezy/main netpbm i386 2:10.0-15+b1 [1,236 kB]
Get:356 http://ftp.debian.org/debian/ wheezy/main psmisc i386 22.19-1 [132 kB]
Get:357 http://ftp.debian.org/debian/ wheezy/main psutils i386 1.17.dfsg-1 [77.6 kB]
Get:358 http://ftp.debian.org/debian/ wheezy/main python-central all 0.6.17 [47.8 kB]
Get:359 http://ftp.debian.org/debian/ wheezy/main sgml-base all 1.26+nmu3 [13.5 kB]
Get:360 http://ftp.debian.org/debian/ wheezy/main shared-mime-info i386 1.0-1+b1 [605 kB]
Get:361 http://ftp.debian.org/debian/ wheezy/main liblensfun-data all 0.2.5-2 [50.0 kB]
Get:362 http://ftp.debian.org/debian/ wheezy/main liblensfun0 i386 0.2.5-2 [62.2 kB]
Get:363 http://ftp.debian.org/debian/ wheezy/main ufraw-batch i386 0.18-2 [334 kB]
Get:364 http://ftp.debian.org/debian/ wheezy/main xml-core all 0.13+nmu2 [24.2 kB]
Get:365 http://ftp.debian.org/debian/ wheezy/main nmap i386 6.00-0.3 [3,707 kB]
Fetched 163 MB in 30s (5,306 kB/s)
Reading changelogs... Done
----------
eglibc (2.13-25) unstable; urgency=medium
Starting with the eglibc package version 2.13-5, the libraries are
shipped in the multiarch directory /lib/<triplet> instead of the more
traditional /lib, where <triplet> is the multiarch triplet and can be
retrieved with 'dpkg-architecture -qDEB_HOST_MULTIARCH'. Similarly the
includes are now shipped in /usr/include/<triplet> instead of the more
traditional /usr/include.
The toolchain in Debian has been updated to cope with that, and most
build systems should be unaffected. If you are using a non-Debian
toolchain to build your software and it is not able to cope with
multiarch, you might try to pass the following options to your
compiler:
-B/usr/lib/<triplet> -I/usr/include/<triplet>
Alternatively if the build system makes hard to pass the above options,
you might try to set the LIBRARY_PATH and CPATH environment variables:
LIBRARY_PATH=/usr/lib/<triplet>
CPATH=/usr/include/<triplet>
export LIBRARY_PATH CPATH
-- Aurelien Jarno <aurel32@debian.org> Mon, 09 Jan 2012 12:47:16 +0100
eglibc (2.13-7) unstable; urgency=low
Starting with version 2.13, eglibc provides an SSSE3 optimized version
of memcpy() on the amd64 architecture. This version might copy memory
backward in some conditions, which causes issues if the source and
destination overlap. memmove() should be used in such cases, but some
programs still wrongly use memcpy().
For this reason, on the amd64 architecture the Debian package provides
two wrappers which can be use to workaround and/or debug the issue:
- /usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so simply replace all
calls to memcpy() by a call to memmove()
- /usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so does the same,
but in addition logs (with rate limit) the issue to syslog, so that it
can be detected and fixed.
To use these wrapper on a single binary, the easiest way is to use the
LD_PRELOAD environment variable:
- LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-preload.so /path/to/binary
- LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libc/memcpy-syslog-preload.so /path/to/binary
For system-wide usage, it is possible to add the path of one of the
wrapper to /etc/ld.so.preload.
For more details about the issue, please see:
http://bugs.debian.org/625521
http://sourceware.org/bugzilla/show_bug.cgi?id=12518
-- Aurelien Jarno <aurel32@debian.org> Sat, 11 Jun 2011 18:02:52 +0200
apt (0.8.11) unstable; urgency=low
* apt-get install pkg/experimental will now not only switch the
candidate of package pkg to the version from the release experimental
but also of all dependencies of pkg if the current candidate can't
satisfy a versioned dependency.
-- David Kalnischkies <kalnischkies@gmail.com> Fri, 03 Dec 2010 14:09:12 +0100
ca-certificates (20120212) unstable; urgency=low
Update mozilla/certdata.txt to version 1.81
Certificates added (+) and removed (-):
+ "Security Communication RootCA2"
+ "EC-ACC"
+ "Hellenic Academic and Research Institutions RootCA 2011"
- "Verisign Class 2 Public Primary Certification Authority"
- "Verisign Class 4 Public Primary Certification Authority - G2"
- "TC TrustCenter, Germany, Class 2 CA"
- "TC TrustCenter, Germany, Class 3 CA"
-- Michael Shuler <michael@pbandjelly.org> Sun, 12 Feb 2012 15:12:59 -0600
ca-certificates (20111211) unstable; urgency=low
Remove French Government IGC/A CA certificates. The RSA certificate is
included in the Mozilla bundle and the DSA certificate is not in use.
Remove expired signet.pl CAs.
Remove expired brasil.gov.br CA.
-- Michael Shuler <michael@pbandjelly.org> Sun, 11 Dec 2011 19:05:32 -0600
ca-certificates (20111025) unstable; urgency=low
Update mozilla/certdata.txt to latest (NSS branch version 1.64.2.13)
Certificates added (+) and removed (-):
+ "AffirmTrust Commercial"
+ "AffirmTrust Networking"
+ "AffirmTrust Premium"
+ "AffirmTrust Premium ECC"
+ "A-Trust-nQual-03"
+ "Certinomis - Autorité Racine"
+ "Certum Trusted Network CA"
+ "Go Daddy Root Certificate Authority - G2"
+ "Root CA Generalitat Valenciana"
+ "Starfield Root Certificate Authority - G2"
+ "Starfield Services Root Certificate Authority - G2"
+ "TWCA Root Certification Authority"
- "AOL Time Warner Root Certification Authority 1"
- "AOL Time Warner Root Certification Authority 2"
- "DigiNotar Root CA"
- "Entrust.net Global Secure Personal CA"
- "Entrust.net Global Secure Server CA"
- "Entrust.net Secure Personal CA"
- "IPS Chained CAs root"
- "IPS CLASE1 root"
- "IPS CLASE3 root"
- "IPS CLASEA1 root"
- "IPS CLASEA3 root"
- "IPS Timestamping root"
- "Thawte Personal Freemail CA"
- "Thawte Time Stamping CA"
Update CAcert-Class 3-Subroot-certificate Closes: #630232
-- Michael Shuler <michael@pbandjelly.org> Sun, 23 Oct 2011 23:16:57 -0500
cron (3.0pl1-119) unstable; urgency=low
The semantics of the -L option of the cron daemon have changed: from
now on, the value will be interpreted as a bitmask of various log
selectors, with "1" (log only the start of jobs) being the new default.
Additionally, since -117 (NEWS entry was overlooked), the LSBNAMES
variable in /etc/default/cron was merged with the EXTRA_OPTS variable
as it was redundant.
-- Christian Kastner <debian@kvr.at> Sun, 07 Aug 2011 21:13:19 +0200
cyrus-sasl2 (2.1.25.dfsg1-5) unstable; urgency=low
* Configuration of SQL engine backends have changed from database
specific configuration (e.g. 'mysql') to generic 'sql' auxprop
plugin.
You will need to change your configuration f.e. from:
auxprop_plugin: mysql
to
auxprop_plugin: sql
sql_engine: mysql
Also the SQL query (if used) needs to have '%u' replaced with '%u@%r'
because now user and realm is provided separately.
-- Ondřej Surý <ondrej@debian.org> Mon, 06 Aug 2012 13:12:22 +0200
ifupdown (0.7~rc1+experimental) experimental; urgency=low
The --all option to ifup and ifquery can now be combined with the
--allow option to act on all interfaces of a specific class (still
defaulting to the class 'auto'). If you have custom hook scripts, you
may need to update them. See interfaces(5) for details.
-- Andrew O. Shadura <bugzilla@tut.by> Tue, 17 Apr 2012 01:05:42 +0200
linux-base (3) unstable; urgency=low
* Some HP Smart Array controllers are now handled by the new 'hpsa'
driver, rather than the 'cciss' driver.
While the cciss driver presented disk device names beginning with
'cciss/', hpsa makes disk arrays appear as ordinary SCSI disks and
presents device names beginning with 'sd'. In a system that already
has other SCSI or SCSI-like devices, names may change unpredictably.
During the upgrade from earlier versions, you will be prompted to
update configuration files which refer to device names that may
change. You can choose to do this yourself or to follow an automatic
upgrade process. All changed configuration files are backed up with
a suffix of '.old' (or '^old' in one case).
-- Ben Hutchings <ben@decadent.org.uk> Wed, 16 Mar 2011 13:19:34 +0000
logrotate (3.8.0-1) experimental; urgency=low
Please note that this update changes the behaviour of logrotate:
Logrotate now skips directories which are world writable or writable
by group which is not "root" unless the (new) "su" directive is used.
-- Paul Martin <pm@debian.org> Sun, 28 Aug 2011 19:16:36 +0100
lsb (4.1+Debian1) unstable; urgency=low
This version implements a new "Fancy output" in the form of "[....] "
blocks prepended to the daemon status messages:
Before:
Starting/stopping long daemon name: daemond daemon2d
After:
[....] Starting/stopping long daemon name: daemond daemon2d
This block will become either a green [ ok ], a yellow [warn]
or a red [FAIL] depending on the daemon exit status.
The "Fancy output" can be disabled by setting the FANCYTTY variable to 0
in the /etc/lsb-base-logging.sh configuration file.
-- Didier Raboud <odyx@debian.org> Thu, 19 Apr 2012 11:25:01 +0200
pam (1.1.2-1) unstable; urgency=low
* Name of option for minimum Unix password length has changed
The Debian-specific 'min=n' option to pam_unix for specifying minimum
lengths for new passwords has been replaced by a new upstream option
called 'minlen=n'. If you are using 'min=n' in
/etc/pam.d/common-password, this will be migrated to the new option name
for you on upgrade. If you have configured pam_unix password changing
elsewhere on your system, such as in a PAM profile under
/usr/share/pam-configs or in other files in /etc/pam.d, you will need to
update them by hand for this change.
-- Steve Langasek <vorlon@debian.org> Tue, 31 Aug 2010 23:09:30 -0700
procps (1:3.3.1-1) unstable; urgency=low
* top has a new rcfile format from 3.3.1 which is not backwards compatible
from a rcfile save from a pre-3.3.1 top.
-- Craig Small <csmall@debian.org> Mon, 23 Jan 2012 22:26:16 +1100
rsyslog (5.8.1-1) unstable; urgency=low
The way rsyslog processes SIGHUP has changed. It no longer does a reload
of its configuration, but simply closes all open files, which is a much more
lightweight operation.
To apply a changed configuration, rsyslogd needs to be restarted now.
As a consequence, the reload action has been dropped from the init script.
A new action called "rotate" was added to the init script, which signals
rsyslogd to close all open files. This new action is used in the rsyslog
logrotate configuration file.
For more information, see:
http://www.rsyslog.com/doc/v4compatibility.html
http://www.rsyslog.com/doc/v5compatibility.html
-- Michael Biebl <biebl@debian.org> Mon, 30 May 2011 18:26:51 +0200
sgml-base (1.26+nmu2) unstable; urgency=low
Starting with this release the SGML super catalog /etc/sgml/catalog will be
replaced with a symbolic link to /var/lib/sgml-base/supercatalog. The latter
file can be regenerated from the contents of the /etc/sgml directory including
all files ending in .cat using the new update-catalog --update-super option.
This call will be (dpkg) triggered by packages placing files in /etc/sgml. The
transition to this way of handling the super catalog will loose user changes to
/etc/sgml/catalog. Further overwriting of user changes will happen until all
packages using dh_installcatalogs are built with a fixed version of debhelper.
Sorry for the inconvenience.
-- Helmut Grohne <helmut@subdivi.de> Mon, 30 Apr 2012 16:37:01 +0200
sysv-rc (2.88dsf-28) unstable; urgency=low
Dependency based boot ordering is now required.
Most systems will already be using dependency based boot ordering.
This includes all squeeze and later releases, unless you have taken
deliberate action to disable it. Installations upgraded from etch,
lenny or earlier releases will have enabled dependency based booting
when upgrading to squeeze and later releases. However, it was
previously possible to opt out of migrating to dependency based
booting and retain static boot ordering. This is no longer the case.
If your system is still using static boot ordering, migrating to
dependency based boot ordering will be performed when sysv-rc is
configured.
If you have custom init scripts, or old init scripts without LSB
headers, please ensure that these have the correct dependency
information in an LSB header so that they will be run at the correct
point in the boot sequence. By default, they tend to be ordered
last, but before scripts requiring $all such as rc.local, but the
ordering is not guaranteed.
-- Roger Leigh <rleigh@debian.org> Tue, 26 Jun 2012 23:13:28 +0100
vim (2:7.3.154+hg~74503f6ee649 has been removed in favor of the new vim-athena
package. The intent behind both packages is to provide a lighter-weight GUI
package as well as one that allows using XFLD fonts. The Athena toolkit,
however, has broader usage and reduces divergences with downstream
distributions.
-- James Vega <jamessan@debian.org> Sun, 27 Feb 2011 12:45:40 -0500
----------
apt-listchanges: Mailing root: apt-listchanges: news for li118-165
sh: /usr/sbin/sendmail: not found
Traceback (most recent call last):
File "/usr/bin/apt-listchanges", line 237, in <module>
main()
File "/usr/bin/apt-listchanges", line 221, in main
apt_listchanges.mail_changes(config.email_address, news, subject)
File "/usr/share/apt-listchanges/apt_listchanges.py", line 99, in mail_changes
fh.write(message.as_string())
IOError: [Errno 32] Broken pipe
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 23236 files and directories currently installed.)
Preparing to replace locales 2.11.3-4 (using .../locales_2.13-37_all.deb) ...
Unpacking replacement locales ...
Preparing to replace libc-bin 2.11.3-4 (using .../libc-bin_2.13-37_i386.deb) ...
Unpacking replacement libc-bin ...
Processing triggers for man-db ...
Setting up libc-bin (2.13-37) ...
Installing new version of config file /etc/bindresvport.blacklist ...
(Reading database ... 23261 files and directories currently installed.)
Preparing to replace libc6 2.11.3-4 (using .../libc6_2.13-37_i386.deb) ...
Checking for services that may need to be restarted...
Checking init scripts...
Unpacking replacement libc6 ...
Setting up libc6 (2.13-37) ...
Installing new version of config file /etc/ld.so.conf.d/i486-linux-gnu.conf ...
Checking for services that may need to be restarted...
----------
┌────────────────────────────────────────┤ Configuring libc6 ├─────────────────────────────────────────┐
│ │
│ There are services installed on your system which need to be restarted when certain libraries, such │
│ as libpam, libc, and libssl, are upgraded. Since these restarts may cause interruptions of service │
│ for the system, you will normally be prompted on each upgrade for the list of services you wish to │
│ restart. You can choose this option to avoid being prompted; instead, all necessary restarts will │
│ be done for you automatically so you can avoid being asked questions on each library upgrade. │
│ │
│ Restart services during package upgrades without asking? │
│ │
│ <Yes> <No> │
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
---------
┌───────────────────┤ Configuring libc6 ├───────────────────┐
│ │
│ Restart services during package upgrades without asking? │
│ │
│ <Yes> <No> │
│ │
└───────────────────────────────────────────────────────────┘
----------
Restarting services possibly affected by the upgrade:
cron: stopping...starting...done.
atd: stopping...starting...done.
Services restarted successfully.
(Reading database ... 23443 files and directories currently installed.)
Preparing to replace libselinux1 2.0.96-1 (using .../libselinux1_2.1.9-5_i386.deb) ...
Unpacking replacement libselinux1 ...
Setting up libselinux1 (2.1.9-5) ...
(Reading database ... 23443 files and directories currently installed.)
Preparing to replace sensible-utils 0.0.4 (using .../sensible-utils_0.0.7_all.deb) ...
Unpacking replacement sensible-utils ...
Processing triggers for man-db ...
Setting up sensible-utils (0.0.7) ...
(Reading database ... 23455 files and directories currently installed.)
Preparing to replace debianutils 3.4 (using .../debianutils_4.3.2_i386.deb) ...
Unpacking replacement debianutils ...
Processing triggers for man-db ...
Setting up debianutils (4.3.2) ...
Selecting previously deselected package libsemanage-common.
(Reading database ... 23481 files and directories currently installed.)
Unpacking libsemanage-common (from .../libsemanage-common_2.1.6-6_all.deb) ...
Processing triggers for man-db ...
Setting up libsemanage-common (2.1.6-6) ...
(Reading database ... 23488 files and directories currently installed.)
Preparing to replace libsepol1 2.0.41-1 (using .../libsepol1_2.1.4-3_i386.deb) ...
Unpacking replacement libsepol1 ...
Setting up libsepol1 (2.1.4-3) ...
Selecting previously deselected package libustr-1.0-1.
(Reading database ... 23488 files and directories currently installed.)
Unpacking libustr-1.0-1 (from .../libustr-1.0-1_1.0.4-3_i386.deb) ...
Setting up libustr-1.0-1 (1.0.4-3) ...
Selecting previously deselected package libsemanage1.
(Reading database ... 23499 files and directories currently installed.)
Unpacking libsemanage1 (from .../libsemanage1_2.1.6-6_i386.deb) ...
Setting up libsemanage1 (2.1.6-6) ...
Selecting previously deselected package libpam-modules-bin.
(Reading database ... 23504 files and directories currently installed.)
Unpacking libpam-modules-bin (from .../libpam-modules-bin_1.1.3-7.1_i386.deb) ...
Replacing files in old package libpam-modules ...
Processing triggers for man-db ...
Setting up libpam-modules-bin (1.1.3-7.1) ...
(Reading database ... 23510 files and directories currently installed.)
Preparing to replace libpam-modules 1.1.1-6.1+squeeze1 (using .../libpam-modules_1.1.3-7.1_i386.deb) ...
Unpacking replacement libpam-modules ...
Processing triggers for man-db ...
Setting up libpam-modules (1.1.3-7.1) ...
Installing new version of config file /etc/security/group.conf ...
(Reading database ... 23509 files and directories currently installed.)
Preparing to replace passwd 1:4.1.4.2+svn3283-2+squeeze1 (using .../passwd_1%3a4.1.5.1-1_i386.deb) ...
Unpacking replacement passwd ...
Processing triggers for man-db ...
Setting up passwd (1:4.1.5.1-1) ...
(Reading database ... 23529 files and directories currently installed.)
Preparing to replace adduser 3.112+nmu2 (using .../adduser_3.113+nmu3_all.deb) ...
Unpacking replacement adduser ...
Preparing to replace libpam-runtime 1.1.1-6.1+squeeze1 (using .../libpam-runtime_1.1.3-7.1_all.deb) ...
Unpacking replacement libpam-runtime ...
Processing triggers for man-db ...
Setting up libpam-runtime (1.1.3-7.1) ...
(Reading database ... 23536 files and directories currently installed.)
Preparing to replace cron 3.0pl1-116 (using .../cron_3.0pl1-124_i386.deb) ...
[ ok ] Stopping periodic command scheduler: cron.
Moving obsolete conffile /etc/cron.daily/standard out of the way...
Unpacking replacement cron ...
Preparing to replace dpkg 1.15.8.13 (using .../archives/dpkg_1.16.9_i386.deb) ...
Unpacking replacement dpkg ...
Processing triggers for man-db ...
Setting up dpkg (1.16.9) ...
(Reading database ... 23547 files and directories currently installed.)
Preparing to replace install-info 4.13a.dfsg.1-6 (using .../install-info_4.13a.dfsg.1-10_i386.deb) ...
Unpacking replacement install-info ...
Processing triggers for man-db ...
Setting up install-info (4.13a.dfsg.1-10) ...
(Reading database ... 23547 files and directories currently installed.)
Preparing to replace libgdbm3 1.8.3-9 (using .../libgdbm3_1.8.3-11_i386.deb) ...
Unpacking replacement libgdbm3:i386 ...
Preparing to replace zlib1g 1:1.2.3.4.dfsg-3 (using .../zlib1g_1%3a1.2.7.dfsg-13_i386.deb) ...
Unpacking replacement zlib1g:i386 ...
Processing triggers for man-db ...
Processing triggers for install-info ...
Setting up zlib1g:i386 (1:1.2.7.dfsg-13) ...
(Reading database ... 23547 files and directories currently installed.)
Preparing to replace perl 5.10.1-17squeeze4 (using .../perl_5.14.2-16_i386.deb) ...
Unpacking replacement perl ...
Preparing to replace libuuid1 2.17.2-9 (using .../libuuid1_2.20.1-5.3_i386.deb) ...
Unpacking replacement libuuid1:i386 ...
Processing triggers for man-db ...
Setting up libuuid1:i386 (2.20.1-5.3) ...
(Reading database ... 23523 files and directories currently installed.)
Preparing to replace libuuid-perl 0.02-4 (using .../libuuid-perl_0.02-5_i386.deb) ...
Unpacking replacement libuuid-perl ...
Preparing to replace libtext-charwidth-perl 0.04-6 (using .../libtext-charwidth-perl_0.04-7+b1_i386.deb) ...
Unpacking replacement libtext-charwidth-perl ...
Preparing to replace libtext-iconv-perl 1.7-2 (using .../libtext-iconv-perl_1.7-5_i386.deb) ...
Unpacking replacement libtext-iconv-perl ...
Preparing to replace perl-base 5.10.1-17squeeze4 (using .../perl-base_5.14.2-16_i386.deb) ...
Unpacking replacement perl-base ...
Processing triggers for man-db ...
Setting up perl-base (5.14.2-16) ...
(Reading database ... 23935 files and directories currently installed.)
Preparing to replace liblocale-gettext-perl 1.05-6 (using .../liblocale-gettext-perl_1.05-7+b1_i386.deb) ...
Unpacking replacement liblocale-gettext-perl ...
dpkg: considering deconfiguration of ifupdown, which would be broken by installation of netbase ...
dpkg: yes, will deconfigure ifupdown (broken by netbase)
Preparing to replace netbase 4.45 (using .../archives/netbase_5.0_all.deb) ...
De-configuring ifupdown ...
Unpacking replacement netbase ...
Preparing to replace ifupdown 0.6.10 (using .../ifupdown_0.7.5_i386.deb) ...
Moving obsolete conffile /etc/default/ifupdown out of the way...
Moving obsolete conffile /etc/init.d/ifupdown out of the way...
Moving obsolete conffile /etc/init.d/ifupdown-clean out of the way...
Unpacking replacement ifupdown ...
Preparing to replace iproute 20100519-3 (using .../iproute_20120521-3_i386.deb) ...
Unpacking replacement iproute ...
Preparing to replace console-setup 1.68+squeeze2 (using .../console-setup_1.88_all.deb) ...
Unpacking replacement console-setup ...
dpkg: warning: unable to delete old directory '/etc/console-setup': Directory not empty
Preparing to replace initramfs-tools 0.98.8 (using .../initramfs-tools_0.109_all.deb) ...
Unpacking replacement initramfs-tools ...
Preparing to replace klibc-utils 1.5.20-1+squeeze1 (using .../klibc-utils_2.0.1-3.1_i386.deb) ...
Unpacking replacement klibc-utils ...
Preparing to replace libklibc 1.5.20-1+squeeze1 (using .../libklibc_2.0.1-3.1_i386.deb) ...
Unpacking replacement libklibc ...
Selecting previously unselected package libkmod2:i386.
Unpacking libkmod2:i386 (from .../archives/libkmod2_9-2_i386.deb) ...
Preparing to replace module-init-tools 3.12-2+b1 (using .../module-init-tools_9-2_all.deb) ...
Moving obsolete conffile /etc/init.d/module-init-tools out of the way...
Moving obsolete conffile /etc/modprobe.d/aliases.conf out of the way...
Unpacking replacement module-init-tools ...
Selecting previously unselected package kmod.
Unpacking kmod (from .../apt/archives/kmod_9-2_i386.deb) ...
Preparing to replace cpio 2.11-4 (using .../cpio_2.11+dfsg-0.1_i386.deb) ...
Unpacking replacement cpio ...
Preparing to replace linux-base 2.6.32-46 (using .../linux-base_3.5_all.deb) ...
Unpacking replacement linux-base ...
Preparing to replace udev 164-3 (using .../archives/udev_175-7_i386.deb) ...
Unpacking replacement udev ...
Preparing to replace libudev0 164-3 (using .../libudev0_175-7_i386.deb) ...
Unpacking replacement libudev0:i386 ...
Preparing to replace libblkid1 2.17.2-9 (using .../libblkid1_2.20.1-5.3_i386.deb) ...
Unpacking replacement libblkid1:i386 ...
Processing triggers for man-db ...
Processing triggers for install-info ...
Setting up libblkid1:i386 (2.20.1-5.3) ...
(Reading database ... 23793 files and directories currently installed.)
Preparing to replace libslang2 2.2.2-4 (using .../libslang2_2.2.4-15_i386.deb) ...
Unpacking replacement libslang2:i386 ...
Setting up libslang2:i386 (2.2.4-15) ...
Selecting previously unselected package libtinfo5:i386.
(Reading database ... 23791 files and directories currently installed.)
Unpacking libtinfo5:i386 (from .../libtinfo5_5.9-10_i386.deb) ...
Setting up libtinfo5:i386 (5.9-10) ...
(Reading database ... 23800 files and directories currently installed.)
Preparing to replace tzdata 2012g-0squeeze1 (using .../tzdata_2012j-1_all.deb) ...
Unpacking replacement tzdata ...
Setting up tzdata (2012j-1) ...
Current default time zone: 'America/New_York'
Local time is now: Fri Feb 1 01:23:48 EST 2013.
Universal Time is now: Fri Feb 1 06:23:48 UTC 2013.
Run 'dpkg-reconfigure tzdata' if you wish to change it.
(Reading database ... 23800 files and directories currently installed.)
Preparing to replace util-linux 2.17.2-9 (using .../util-linux_2.20.1-5.3_i386.deb) ...
Removing obsolete conffile /etc/init.d/hwclockfirst.sh ...
Unpacking replacement util-linux ...
Processing triggers for man-db ...
Processing triggers for install-info ...
Setting up util-linux (2.20.1-5.3) ...
Installing new version of config file /etc/init.d/hwclock.sh ...
Selecting previously unselected package libprocps0:i386.
(Reading database ... 23795 files and directories currently installed.)
Unpacking libprocps0:i386 (from .../libprocps0_1%3a3.3.3-2_i386.deb) ...
Preparing to replace libncurses5 5.7+20100313-5 (using .../libncurses5_5.9-10_i386.deb) ...
Unpacking replacement libncurses5:i386 ...
Setting up libncurses5:i386 (5.9-10) ...
(Reading database ... 23794 files and directories currently installed.)
Preparing to replace libncursesw5 5.7+20100313-5 (using .../libncursesw5_5.9-10_i386.deb) ...
Unpacking replacement libncursesw5:i386 ...
Preparing to replace procps 1:3.2.8-9squeeze1 (using .../procps_1%3a3.3.3-2_i386.deb) ...
Unpacking replacement procps ...
Selecting previously unselected package libevent-2.0-5:i386.
Unpacking libevent-2.0-5:i386 (from .../libevent-2.0-5_2.0.19-stable-3_i386.deb) ...
Selecting previously unselected package libmount1.
Unpacking libmount1 (from .../libmount1_2.20.1-5.3_i386.deb) ...
Processing triggers for man-db ...
Setting up libmount1 (2.20.1-5.3) ...
(Reading database ... 23801 files and directories currently installed.)
Preparing to replace libgssglue1 0.1-4 (using .../libgssglue1_0.4-2_i386.deb) ...
Unpacking replacement libgssglue1:i386 ...
Selecting previously unselected package libtirpc1:i386.
Unpacking libtirpc1:i386 (from .../libtirpc1_0.2.2-5_i386.deb) ...
Preparing to replace insserv 1.14.0-2 (using .../insserv_1.14.0-5_i386.deb) ...
Unpacking replacement insserv ...
Processing triggers for man-db ...
Setting up insserv (1.14.0-5) ...
Installing new version of config file /etc/insserv.conf ...
(Reading database ... 23799 files and directories currently installed.)
Preparing to replace nfs-common 1:1.2.2-4squeeze2 (using .../nfs-common_1%3a1.2.6-3_i386.deb) ...
Unpacking replacement nfs-common ...
Preparing to replace rsyslog 4.6.4-2 (using .../rsyslog_5.8.11-2_i386.deb) ...
Unpacking replacement rsyslog ...
Preparing to replace sysv-rc 2.88dsf-13.1+squeeze1 (using .../sysv-rc_2.88dsf-34_all.deb) ...
Unpacking replacement sysv-rc ...
Processing triggers for man-db ...
Setting up sysv-rc (2.88dsf-34) ...
(Reading database ... 23837 files and directories currently installed.)
Preparing to replace initscripts 2.88dsf-13.1+squeeze1 (using .../initscripts_2.88dsf-34_i386.deb) ...
Removing unmodified and obsolete conffile /etc/default/bootlogd ...
Removing unmodified and obsolete conffile /etc/init.d/mountoverflowtmp ...
Unpacking replacement initscripts ...
dpkg: warning: unable to delete old directory '/lib/init/rw': Device or resource busy
Processing triggers for man-db ...
Setting up initscripts (2.88dsf-34) ...
Installing new version of config file /etc/init.d/bootlogs ...
Installing new version of config file /etc/init.d/bootmisc.sh ...
Installing new version of config file /etc/init.d/checkfs.sh ...
Installing new version of config file /etc/init.d/checkroot.sh ...
Installing new version of config file /etc/init.d/mountall.sh ...
Installing new version of config file /etc/init.d/mountall-bootclean.sh ...
Installing new version of config file /etc/init.d/mountnfs.sh ...
Installing new version of config file /etc/init.d/mountnfs-bootclean.sh ...
Installing new version of config file /etc/init.d/mountdevsubfs.sh ...
Installing new version of config file /etc/init.d/mountkernfs.sh ...
Installing new version of config file /etc/init.d/mtab.sh ...
Installing new version of config file /etc/init.d/rc.local ...
Installing new version of config file /etc/init.d/sendsigs ...
Installing new version of config file /etc/init.d/umountfs ...
Installing new version of config file /etc/init.d/umountnfs.sh ...
Installing new version of config file /etc/init.d/umountroot ...
Installing new version of config file /etc/init.d/urandom ...
Configuration file `/etc/default/rcS'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** rcS (Y/I/N/O/D/Z) [default=N] ?
?????Lost Some of My Reference Points?????
??????????
----------
┌──────────────────────────────────────┤ Configuring linux-base ├──────────────────────────────────────┐
│ │
│ The new Linux kernel version provides different drivers for some PATA (IDE) controllers. The names │
│ of some hard disk, CD-ROM, and tape devices may change. │
│ │
│ It is now recommended to identify disk devices in configuration files by label or UUID (unique │
│ identifier) rather than by device name, which will work with both old and new kernel versions. │
│ │
│ If you choose to not update the system configuration automatically, you must update device IDs │
│ yourself before the next system reboot or the system may become unbootable. │
│ │
│ Update disk device IDs in system configuration? │
│ │
│ <Yes> <No> │
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
----------
┌────────────────────────────────────┤ Configuring linux-base ├─────────────────────────────────────┐
│ │
│ Boot loader configuration check needed │
│ │
│ The boot loader configuration for this system was not recognized. These settings in the │
│ configuration may need to be updated: │
│ │
│ * The root device ID passed as a kernel parameter; │
│ * The boot device ID used to install and update the boot loader. │
│ │
│ │
│ You should generally identify these devices by UUID or label. However, on MIPS systems the root │
│ device must be identified by name. │
│ │
│ <Ok> │
│ │
└───────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
Installing new version of config file /etc/init.d/mountall.sh ...
Installing new version of config file /etc/init.d/mountall-bootclean.sh ...
Installing new version of config file /etc/init.d/mountnfs.sh ...
Installing new version of config file /etc/init.d/mountnfs-bootclean.sh ...
Installing new version of config file /etc/init.d/mountdevsubfs.sh ...
Installing new version of config file /etc/init.d/mountkernfs.sh ...
Installing new version of config file /etc/init.d/mtab.sh ...
Installing new version of config file /etc/init.d/rc.local ...
Installing new version of config file /etc/init.d/sendsigs ...
Installing new version of config file /etc/init.d/umountfs ...
Installing new version of config file /etc/init.d/umountnfs.sh ...
Installing new version of config file /etc/init.d/umountroot ...
Installing new version of config file /etc/init.d/urandom ...
Configuration file `/etc/default/rcS'
==> File on system created by you or by a script.
==> File also in package provided by package maintainer.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** rcS (Y/I/N/O/D/Z) [default=N] ?
?????Ref point 1?????
?????Missing a Chunk of Output Here?????
?????????
Moving obsolete conffile /etc/bash_completion.d/ipsec out of the way...
Moving obsolete conffile /etc/bash_completion.d/links out of the way...
Moving obsolete conffile /etc/bash_completion.d/mplayer out of the way...
Moving obsolete conffile /etc/bash_completion.d/dd out of the way...
Moving obsolete conffile /etc/bash_completion.d/samba out of the way...
Moving obsolete conffile /etc/bash_completion.d/ntpdate out of the way...
Moving obsolete conffile /etc/bash_completion.d/sshfs out of the way...
Moving obsolete conffile /etc/bash_completion.d/abook out of the way...
Moving obsolete conffile /etc/bash_completion.d/dpkg out of the way...
Moving obsolete conffile /etc/bash_completion.d/postgresql out of the way...
Moving obsolete conffile /etc/bash_completion.d/jar out of the way...
Moving obsolete conffile /etc/bash_completion.d/lzop out of the way...
Moving obsolete conffile /etc/bash_completion.d/qdbus out of the way...
Moving obsolete conffile /etc/bash_completion.d/msynctool out of the way...
Moving obsolete conffile /etc/bash_completion.d/wvdial out of the way...
Moving obsolete conffile /etc/bash_completion.d/qemu out of the way...
Moving obsolete conffile /etc/bash_completion.d/brctl out of the way...
Moving obsolete conffile /etc/bash_completion.d/util-linux out of the way...
Moving obsolete conffile /etc/bash_completion.d/dsniff out of the way...
Moving obsolete conffile /etc/bash_completion.d/mount out of the way...
Moving obsolete conffile /etc/bash_completion.d/rpmcheck out of the way...
Moving obsolete conffile /etc/bash_completion.d/wodim out of the way...
Moving obsolete conffile /etc/bash_completion.d/portupgrade out of the way...
Moving obsolete conffile /etc/bash_completion.d/autorpm out of the way...
Moving obsolete conffile /etc/bash_completion.d/mc out of the way...
Moving obsolete conffile /etc/bash_completion.d/wireless-tools out of the way...
Moving obsolete conffile /etc/bash_completion.d/genisoimage out of the way...
Moving obsolete conffile /etc/bash_completion.d/coreutils out of the way...
Moving obsolete conffile /etc/bash_completion.d/rpm out of the way...
Moving obsolete conffile /etc/bash_completion.d/cryptsetup out of the way...
Moving obsolete conffile /etc/bash_completion.d/mailman out of the way...
Moving obsolete conffile /etc/bash_completion.d/medusa out of the way...
Moving obsolete conffile /etc/bash_completion.d/chsh out of the way...
Moving obsolete conffile /etc/bash_completion.d/unace out of the way...
Moving obsolete conffile /etc/bash_completion.d/update-alternatives out of the way...
Moving obsolete conffile /etc/bash_completion.d/procps out of the way...
Moving obsolete conffile /etc/bash_completion.d/ncftp out of the way...
Moving obsolete conffile /etc/bash_completion.d/configure out of the way...
Moving obsolete conffile /etc/bash_completion.d/cksfv out of the way...
Moving obsolete conffile /etc/bash_completion.d/openldap out of the way...
Moving obsolete conffile /etc/bash_completion.d/xmllint out of the way...
Moving obsolete conffile /etc/bash_completion.d/lftp out of the way...
Moving obsolete conffile /etc/bash_completion.d/sitecopy out of the way...
Moving obsolete conffile /etc/bash_completion.d/rfkill out of the way...
Moving obsolete conffile /etc/bash_completion.d/snownews out of the way...
Moving obsolete conffile /etc/bash_completion.d/gpg2 out of the way...
Moving obsolete conffile /etc/bash_completion.d/rsync out of the way...
Moving obsolete conffile /etc/bash_completion.d/lilo out of the way...
Moving obsolete conffile /etc/bash_completion.d/lvm out of the way...
Moving obsolete conffile /etc/bash_completion.d/yp-tools out of the way...
Moving obsolete conffile /etc/bash_completion.d/vncviewer out of the way...
Moving obsolete conffile /etc/bash_completion.d/findutils out of the way...
Moving obsolete conffile /etc/bash_completion.d/rcs out of the way...
Moving obsolete conffile /etc/bash_completion.d/mkinitrd out of the way...
Moving obsolete conffile /etc/bash_completion.d/pine out of the way...
Moving obsolete conffile /etc/bash_completion.d/lintian out of the way...
Moving obsolete conffile /etc/bash_completion.d/cvsps out of the way...
Moving obsolete conffile /etc/bash_completion.d/openssl out of the way...
Moving obsolete conffile /etc/bash_completion.d/sbcl out of the way...
Moving obsolete conffile /etc/bash_completion.d/strace out of the way...
Moving obsolete conffile /etc/bash_completion.d/man out of the way...
Moving obsolete conffile /etc/bash_completion.d/freeciv out of the way...
Moving obsolete conffile /etc/bash_completion.d/ifupdown out of the way...
Moving obsolete conffile /etc/bash_completion.d/pkg_install out of the way...
Moving obsolete conffile /etc/bash_completion.d/module-init-tools out of the way...
Moving obsolete conffile /etc/bash_completion.d/wtf out of the way...
Moving obsolete conffile /etc/bash_completion.d/cvs out of the way...
Moving obsolete conffile /etc/bash_completion.d/xrandr out of the way...
Moving obsolete conffile /etc/bash_completion.d/sysv-rc out of the way...
Moving obsolete conffile /etc/bash_completion.d/unrar out of the way...
Moving obsolete conffile /etc/bash_completion.d/xmlwf out of the way...
Moving obsolete conffile /etc/bash_completion.d/bitkeeper out of the way...
Moving obsolete conffile /etc/bash_completion.d/apt-build out of the way...
Moving obsolete conffile /etc/bash_completion.d/xz out of the way...
Moving obsolete conffile /etc/bash_completion.d/ldapvi out of the way...
Moving obsolete conffile /etc/bash_completion.d/service out of the way...
Moving obsolete conffile /etc/bash_completion.d/postfix out of the way...
Moving obsolete conffile /etc/bash_completion.d/munin-node out of the way...
Moving obsolete conffile /etc/bash_completion.d/aspell out of the way...
Moving obsolete conffile /etc/bash_completion.d/cups out of the way...
Moving obsolete conffile /etc/bash_completion.d/apt out of the way...
Moving obsolete conffile /etc/bash_completion.d/tar out of the way...
Moving obsolete conffile /etc/bash_completion.d/svk out of the way...
Moving obsolete conffile /etc/bash_completion.d/rdesktop out of the way...
Moving obsolete conffile /etc/bash_completion.d/iconv out of the way...
Moving obsolete conffile /etc/bash_completion.d/xhost out of the way...
Moving obsolete conffile /etc/bash_completion.d/ipmitool out of the way...
Moving obsolete conffile /etc/bash_completion.d/wol out of the way...
Moving obsolete conffile /etc/bash_completion.d/screen out of the way...
Moving obsolete conffile /etc/bash_completion.d/larch out of the way...
Moving obsolete conffile /etc/bash_completion.d/aptitude out of the way...
Moving obsolete conffile /etc/bash_completion.d/sysctl out of the way...
Moving obsolete conffile /etc/bash_completion.d/nmap out of the way...
Moving obsolete conffile /etc/bash_completion.d/cowsay out of the way...
Moving obsolete conffile /etc/bash_completion.d/xm out of the way...
Moving obsolete conffile /etc/bash_completion.d/pkgtools out of the way...
Moving obsolete conffile /etc/bash_completion.d/xmms out of the way...
Moving obsolete conffile /etc/bash_completion.d/apache2ctl out of the way...
Moving obsolete conffile /etc/bash_completion.d/make out of the way...
Moving obsolete conffile /etc/bash_completion.d/gcl out of the way...
Moving obsolete conffile /etc/bash_completion.d/gcc out of the way...
Moving obsolete conffile /etc/bash_completion.d/java out of the way...
Moving obsolete conffile /etc/bash_completion.d/clisp out of the way...
Moving obsolete conffile /etc/bash_completion.d/p4 out of the way...
Moving obsolete conffile /etc/bash_completion.d/quota-tools out of the way...
Moving obsolete conffile /etc/bash_completion.d/ipv6calc out of the way...
Moving obsolete conffile /etc/bash_completion.d/iptables out of the way...
Moving obsolete conffile /etc/bash_completion.d/mutt out of the way...
Moving obsolete conffile /etc/bash_completion.d/bzip2 out of the way...
Moving obsolete conffile /etc/bash_completion.d/cardctl out of the way...
Moving obsolete conffile /etc/bash_completion.d/cpan2dist out of the way...
Moving obsolete conffile /etc/bash_completion.d/rrdtool out of the way...
Moving obsolete conffile /etc/bash_completion.d/minicom out of the way...
Moving obsolete conffile /etc/bash_completion.d/ant out of the way...
Moving obsolete conffile /etc/bash_completion.d/k3b out of the way...
Moving obsolete conffile /etc/bash_completion.d/monodevelop out of the way...
Moving obsolete conffile /etc/bash_completion.d/lisp out of the way...
Moving obsolete conffile /etc/bash_completion.d/imagemagick out of the way...
Moving obsolete conffile /etc/bash_completion.d/resolvconf out of the way...
Moving obsolete conffile /etc/bash_completion.d/pkg-config out of the way...
Moving obsolete conffile /etc/bash_completion.d/bluez out of the way...
Moving obsolete conffile /etc/bash_completion.d/hping2 out of the way...
Moving obsolete conffile /etc/bash_completion.d/mysqladmin out of the way...
Moving obsolete conffile /etc/bash_completion.d/lzma out of the way...
Moving obsolete conffile /etc/bash_completion.d/net-tools out of the way...
Moving obsolete conffile /etc/bash_completion.d/cpio out of the way...
Moving obsolete conffile /etc/bash_completion.d/chkconfig out of the way...
Moving obsolete conffile /etc/bash_completion.d/gdb out of the way...
Moving obsolete conffile /etc/bash_completion.d/rtcwake out of the way...
Moving obsolete conffile /etc/bash_completion.d/perl out of the way...
Moving obsolete conffile /etc/bash_completion.d/gkrellm out of the way...
Moving obsolete conffile /etc/bash_completion.d/mcrypt out of the way...
Moving obsolete conffile /etc/bash_completion.d/cfengine out of the way...
Moving obsolete conffile /etc/bash_completion.d/heimdal out of the way...
Moving obsolete conffile /etc/bash_completion.d/bash-builtins out of the way...
Moving obsolete conffile /etc/bash_completion.d/dict out of the way...
Moving obsolete conffile /etc/bash_completion.d/shadow out of the way...
Moving obsolete conffile /etc/bash_completion.d/info out of the way...
Moving obsolete conffile /etc/bash_completion.d/python out of the way...
Moving obsolete conffile /etc/bash_completion.d/bind-utils out of the way...
Moving obsolete conffile /etc/bash_completion.d/isql out of the way...
Moving obsolete conffile /etc/bash_completion.d/ssh out of the way...
Moving obsolete conffile /etc/bash_completion.d/smartctl out of the way...
Moving obsolete conffile /etc/bash_completion.d/reportbug out of the way...
Moving obsolete conffile /etc/bash_completion.d/vpnc out of the way...
Moving obsolete conffile /etc/bash_completion.d/gnatmake out of the way...
Moving obsolete conffile /etc/bash_completion.d/dselect out of the way...
Moving obsolete conffile /etc/bash_completion.d/getent out of the way...
Unpacking replacement bash-completion ...
Preparing to replace gettext-base 0.18.1.1-3 (using .../gettext-base_0.18.1.1-9_i386.deb) ...
Unpacking replacement gettext-base ...
Selecting previously unselected package libasprintf0c2:i386.
Unpacking libasprintf0c2:i386 (from .../libasprintf0c2_0.18.1.1-9_i386.deb) ...
Preparing to replace libbsd0 0.2.0-1 (using .../libbsd0_0.4.2-1_i386.deb) ...
Unpacking replacement libbsd0:i386 ...
Preparing to replace libedit2 2.11-20080614-2 (using .../libedit2_2.11-20080614-5_i386.deb) ...
Unpacking replacement libedit2:i386 ...
Preparing to replace libgpm2 1.20.4-3.3 (using .../libgpm2_1.20.4-6_i386.deb) ...
Unpacking replacement libgpm2:i386 ...
Preparing to replace libgssrpc4 1.8.3+dfsg-4squeeze6 (using .../libgssrpc4_1.10.1+dfsg-3_i386.deb) ...
Unpacking replacement libgssrpc4:i386 ...
Preparing to replace libidn11 1.15-2 (using .../libidn11_1.25-2_i386.deb) ...
Unpacking replacement libidn11:i386 ...
Preparing to replace liblockfile1 1.08-4 (using .../liblockfile1_1.09-5_i386.deb) ...
Unpacking replacement liblockfile1:i386 ...
Selecting previously unselected package liblockfile-bin.
Unpacking liblockfile-bin (from .../liblockfile-bin_1.09-5_i386.deb) ...
Preparing to replace file 5.04-5+squeeze2 (using .../archives/file_5.11-2_i386.deb) ...
Unpacking replacement file ...
Preparing to replace libmagic1 5.04-5+squeeze2 (using .../libmagic1_5.11-2_i386.deb) ...
Unpacking replacement libmagic1:i386 ...
Preparing to replace pciutils 1:3.1.7-6 (using .../pciutils_1%3a3.1.9-6_i386.deb) ...
Unpacking replacement pciutils ...
Preparing to replace libpci3 1:3.1.7-6 (using .../libpci3_1%3a3.1.9-6_i386.deb) ...
Unpacking replacement libpci3:i386 ...
Preparing to replace libpcre3 8.02-1.1 (using .../libpcre3_1%3a8.30-5_i386.deb) ...
Unpacking replacement libpcre3:i386 ...
Preparing to replace librpcsecgss3 0.19-2 (using .../librpcsecgss3_0.19-5_i386.deb) ...
Unpacking replacement librpcsecgss3:i386 ...
Preparing to replace libxml2 2.7.8.dfsg-2+squeeze6 (using .../libxml2_2.8.0+dfsg1-7_i386.deb) ...
Unpacking replacement libxml2:i386 ...
Preparing to replace geoip-database 1.4.7~beta6+dfsg-1 (using .../geoip-database_20130108-1_all.deb) ...
Unpacking replacement geoip-database ...
Selecting previously unselected package imagemagick-common.
Unpacking imagemagick-common (from .../imagemagick-common_8%3a6.7.7.10-5_all.deb) ...
Selecting previously unselected package libavahi-common-data:i386.
Unpacking libavahi-common-data:i386 (from .../libavahi-common-data_0.6.31-1_i386.deb) ...
Selecting previously unselected package libavahi-common3:i386.
Unpacking libavahi-common3:i386 (from .../libavahi-common3_0.6.31-1_i386.deb) ...
Selecting previously unselected package libdbus-1-3:i386.
Unpacking libdbus-1-3:i386 (from .../libdbus-1-3_1.6.8-1_i386.deb) ...
Selecting previously unselected package libavahi-client3:i386.
Unpacking libavahi-client3:i386 (from .../libavahi-client3_0.6.31-1_i386.deb) ...
Selecting previously unselected package libfreetype6:i386.
Unpacking libfreetype6:i386 (from .../libfreetype6_2.4.9-1.1_i386.deb) ...
Selecting previously unselected package ttf-dejavu-core.
Unpacking ttf-dejavu-core (from .../ttf-dejavu-core_2.33-3_all.deb) ...
Selecting previously unselected package fontconfig-config.
Unpacking fontconfig-config (from .../fontconfig-config_2.9.0-7.1_all.deb) ...
Selecting previously unselected package libfontconfig1:i386.
Unpacking libfontconfig1:i386 (from .../libfontconfig1_2.9.0-7.1_i386.deb) ...
Selecting previously unselected package libpixman-1-0:i386.
Unpacking libpixman-1-0:i386 (from .../libpixman-1-0_0.26.0-3_i386.deb) ...
Selecting previously unselected package libpng12-0:i386.
Unpacking libpng12-0:i386 (from .../libpng12-0_1.2.49-1_i386.deb) ...
Selecting previously unselected package libxau6:i386.
Unpacking libxau6:i386 (from .../libxau6_1%3a1.0.7-1_i386.deb) ...
Selecting previously unselected package libxdmcp6:i386.
Unpacking libxdmcp6:i386 (from .../libxdmcp6_1%3a1.1.1-1_i386.deb) ...
Selecting previously unselected package libxcb1:i386.
Unpacking libxcb1:i386 (from .../libxcb1_1.8.1-2_i386.deb) ...
Selecting previously unselected package libx11-data.
Unpacking libx11-data (from .../libx11-data_2%3a1.5.0-1_all.deb) ...
Selecting previously unselected package libx11-6:i386.
Unpacking libx11-6:i386 (from .../libx11-6_2%3a1.5.0-1_i386.deb) ...
Selecting previously unselected package libxcb-render0:i386.
Unpacking libxcb-render0:i386 (from .../libxcb-render0_1.8.1-2_i386.deb) ...
Selecting previously unselected package libxcb-shm0:i386.
Unpacking libxcb-shm0:i386 (from .../libxcb-shm0_1.8.1-2_i386.deb) ...
Selecting previously unselected package libxrender1:i386.
Unpacking libxrender1:i386 (from .../libxrender1_1%3a0.9.7-1_i386.deb) ...
Selecting previously unselected package libcairo2:i386.
Unpacking libcairo2:i386 (from .../libcairo2_1.12.2-2_i386.deb) ...
Selecting previously unselected package libffi5:i386.
Unpacking libffi5:i386 (from .../libffi5_3.0.10-3_i386.deb) ...
Selecting previously unselected package libglib2.0-0:i386.
Unpacking libglib2.0-0:i386 (from .../libglib2.0-0_2.33.12+really2.32.4-3_i386.deb) ...
Selecting previously unselected package libcroco3:i386.
Unpacking libcroco3:i386 (from .../libcroco3_0.6.6-2_i386.deb) ...
Selecting previously unselected package libcups2:i386.
Unpacking libcups2:i386 (from .../libcups2_1.5.3-2.13_i386.deb) ...
Selecting previously unselected package libjpeg8:i386.
Unpacking libjpeg8:i386 (from .../libjpeg8_8d-1_i386.deb) ...
Selecting previously unselected package libjbig0:i386.
Unpacking libjbig0:i386 (from .../libjbig0_2.0-2_i386.deb) ...
Selecting previously unselected package libtiff4:i386.
Unpacking libtiff4:i386 (from .../libtiff4_3.9.6-11_i386.deb) ...
Selecting previously unselected package libcupsimage2:i386.
Unpacking libcupsimage2:i386 (from .../libcupsimage2_1.5.3-2.13_i386.deb) ...
Selecting previously unselected package librtmp0:i386.
Unpacking librtmp0:i386 (from .../librtmp0_2.4+20111222.git4e06e21-1_i386.deb) ...
Preparing to replace libssh2-1 1.2.6-1 (using .../libssh2-1_1.4.2-1.1_i386.deb) ...
Unpacking replacement libssh2-1:i386 ...
Preparing to replace libcurl3 7.21.0-2.1+squeeze2 (using .../libcurl3_7.26.0-1_i386.deb) ...
Unpacking replacement libcurl3:i386 ...
Selecting previously unselected package libdatrie1:i386.
Unpacking libdatrie1:i386 (from .../libdatrie1_0.2.5-3_i386.deb) ...
Selecting previously unselected package libdjvulibre-text.
Unpacking libdjvulibre-text (from .../libdjvulibre-text_3.5.25.3-1_all.deb) ...
Selecting previously unselected package libdjvulibre21.
Unpacking libdjvulibre21 (from .../libdjvulibre21_3.5.25.3-1_i386.deb) ...
Selecting previously unselected package libgd2-noxpm:i386.
Unpacking libgd2-noxpm:i386 (from .../libgd2-noxpm_2.0.36~rc1~dfsg-6.1_i386.deb) ...
Selecting previously unselected package libjasper1:i386.
Unpacking libjasper1:i386 (from .../libjasper1_1.900.1-13_i386.deb) ...
Selecting previously unselected package libgdk-pixbuf2.0-common.
Unpacking libgdk-pixbuf2.0-common (from .../libgdk-pixbuf2.0-common_2.26.1-1_all.deb) ...
Selecting previously unselected package libgdk-pixbuf2.0-0:i386.
Unpacking libgdk-pixbuf2.0-0:i386 (from .../libgdk-pixbuf2.0-0_2.26.1-1_i386.deb) ...
Selecting previously unselected package libquadmath0:i386.
Unpacking libquadmath0:i386 (from .../libquadmath0_4.7.2-5_i386.deb) ...
Selecting previously unselected package libgfortran3:i386.
Unpacking libgfortran3:i386 (from .../libgfortran3_4.7.2-5_i386.deb) ...
Selecting previously unselected package libgomp1:i386.
Unpacking libgomp1:i386 (from .../libgomp1_4.7.2-5_i386.deb) ...
Selecting previously unselected package x11-common.
Unpacking x11-common (from .../x11-common_1%3a7.7+1_all.deb) ...
Selecting previously unselected package libice6:i386.
Unpacking libice6:i386 (from .../libice6_2%3a1.0.8-2_i386.deb) ...
Selecting previously unselected package liblcms1:i386.
Unpacking liblcms1:i386 (from .../liblcms1_1.19.dfsg-1.2_i386.deb) ...
Selecting previously unselected package liblcms2-2:i386.
Unpacking liblcms2-2:i386 (from .../liblcms2-2_2.2+git20110628-2.2_i386.deb) ...
Selecting previously unselected package liblqr-1-0:i386.
Unpacking liblqr-1-0:i386 (from .../liblqr-1-0_0.4.1-2_i386.deb) ...
Selecting previously unselected package libltdl7:i386.
Unpacking libltdl7:i386 (from .../libltdl7_2.4.2-1.1_i386.deb) ...
Preparing to replace liblua5.1-0 5.1.4-5 (using .../liblua5.1-0_5.1.5-4_i386.deb) ...
Unpacking replacement liblua5.1-0:i386 ...
Selecting previously unselected package libsm6:i386.
Unpacking libsm6:i386 (from .../libsm6_2%3a1.2.1-2_i386.deb) ...
Selecting previously unselected package libxext6:i386.
Unpacking libxext6:i386 (from .../libxext6_2%3a1.3.1-2_i386.deb) ...
Selecting previously unselected package libxt6:i386.
Unpacking libxt6:i386 (from .../libxt6_1%3a1.1.3-1_i386.deb) ...
Selecting previously unselected package libmagickcore5:i386.
Unpacking libmagickcore5:i386 (from .../libmagickcore5_8%3a6.7.7.10-5_i386.deb) ...
Selecting previously unselected package libilmbase6.
Unpacking libilmbase6 (from .../libilmbase6_1.0.1-4_i386.deb) ...
Selecting previously unselected package libmagickwand5:i386.
Unpacking libmagickwand5:i386 (from .../libmagickwand5_8%3a6.7.7.10-5_i386.deb) ...
Selecting previously unselected package libopenexr6.
Unpacking libopenexr6 (from .../libopenexr6_1.6.1-6_i386.deb) ...
Selecting previously unselected package libthai-data.
Unpacking libthai-data (from .../libthai-data_0.1.18-2_all.deb) ...
Selecting previously unselected package libthai0:i386.
Unpacking libthai0:i386 (from .../libthai0_0.1.18-2_i386.deb) ...
Selecting previously unselected package libxft2:i386.
Unpacking libxft2:i386 (from .../libxft2_2.3.1-1_i386.deb) ...
Selecting previously unselected package fontconfig.
Unpacking fontconfig (from .../fontconfig_2.9.0-7.1_i386.deb) ...
Selecting previously unselected package libpango1.0-0:i386.
Unpacking libpango1.0-0:i386 (from .../libpango1.0-0_1.30.0-1_i386.deb) ...
Selecting previously unselected package librsvg2-2:i386.
Unpacking librsvg2-2:i386 (from .../librsvg2-2_2.36.1-1_i386.deb) ...
Selecting previously unselected package libwmf0.2-7:i386.
Unpacking libwmf0.2-7:i386 (from .../libwmf0.2-7_0.2.8.4-10.2_i386.deb) ...
Selecting previously unselected package libmagickcore5-extra:i386.
Unpacking libmagickcore5-extra:i386 (from .../libmagickcore5-extra_8%3a6.7.7.10-5_i386.deb) ...
Selecting previously unselected package libpaper1:i386.
Unpacking libpaper1:i386 (from .../libpaper1_1.1.24+nmu2_i386.deb) ...
Preparing to replace libpcap0.8 1.1.1-2+squeeze1 (using .../libpcap0.8_1.3.0-1_i386.deb) ...
Unpacking replacement libpcap0.8:i386 ...
Selecting previously unselected package libxmu6:i386.
Unpacking libxmu6:i386 (from .../libxmu6_2%3a1.1.1-1_i386.deb) ...
Selecting previously unselected package libxpm4:i386.
Unpacking libxpm4:i386 (from .../libxpm4_1%3a3.5.10-1_i386.deb) ...
Selecting previously unselected package libxaw7:i386.
Unpacking libxaw7:i386 (from .../libxaw7_2%3a1.0.10-2_i386.deb) ...
Preparing to replace libopts25 1:5.10-1.1 (using .../libopts25_1%3a5.12-0.1_i386.deb) ...
Unpacking replacement libopts25 ...
Preparing to replace ntp 1:4.2.6.p2+dfsg-1+b1 (using .../ntp_1%3a4.2.6.p5+dfsg-2_i386.deb) ...
[ ok ] Stopping NTP server: ntpd.
Unpacking replacement ntp ...
Preparing to replace openssh-blacklist 0.4.1 (using .../openssh-blacklist_0.4.1+nmu1_all.deb) ...
Unpacking replacement openssh-blacklist ...
Preparing to replace openssh-blacklist-extra 0.4.1 (using .../openssh-blacklist-extra_0.4.1+nmu1_all.deb) ...
Unpacking replacement openssh-blacklist-extra ...
Selecting previously unselected package poppler-data.
Unpacking poppler-data (from .../poppler-data_0.4.5-10_all.deb) ...
Selecting previously unselected package libsystemd-login0:i386.
Unpacking libsystemd-login0:i386 (from .../libsystemd-login0_44-8_i386.deb) ...
Preparing to replace xz-utils 5.0.0-2 (using .../xz-utils_5.1.1alpha+20120614-2_i386.deb) ...
Unpacking replacement xz-utils ...
Processing triggers for man-db ...
Setting up xz-utils (5.1.1alpha+20120614-2) ...
update-alternatives: using /usr/bin/xz to provide /usr/bin/lzma (lzma) in auto mode
(Reading database ... 27056 files and directories currently installed.)
Preparing to replace bsdmainutils 8.0.13 (using .../bsdmainutils_9.0.3_i386.deb) ...
Unpacking replacement bsdmainutils ...
Preparing to replace dmidecode 2.9-1.2 (using .../dmidecode_2.11-9_i386.deb) ...
Unpacking replacement dmidecode ...
Preparing to replace groff-base 1.20.1-10 (using .../groff-base_1.21-9_i386.deb) ...
Unpacking replacement groff-base ...
Preparing to replace info 4.13a.dfsg.1-6 (using .../info_4.13a.dfsg.1-10_i386.deb) ...
Unpacking replacement info ...
Preparing to replace libnfnetlink0 1.0.0-1 (using .../libnfnetlink0_1.0.0-1.1_i386.deb) ...
Unpacking replacement libnfnetlink0 ...
Preparing to replace iptables 1.4.8-3 (using .../iptables_1.4.14-3_i386.deb) ...
Unpacking replacement iptables ...
Preparing to replace iputils-ping 3:20100418-3 (using .../iputils-ping_3%3a20101006-1+b1_i386.deb) ...
Unpacking replacement iputils-ping ...
Preparing to replace isc-dhcp-client 4.1.1-P1-15+squeeze8 (using .../isc-dhcp-client_4.2.2.dfsg.1-5+deb70u2_i386.deb) ...
Unpacking replacement isc-dhcp-client ...
Preparing to replace isc-dhcp-common 4.1.1-P1-15+squeeze8 (using .../isc-dhcp-common_4.2.2.dfsg.1-5+deb70u2_i386.deb) ...
Unpacking replacement isc-dhcp-common ...
Preparing to replace logrotate 3.7.8-6 (using .../logrotate_3.8.1-4_i386.deb) ...
Unpacking replacement logrotate ...
Preparing to replace man-db 2.5.7-8 (using .../man-db_2.6.2-1_i386.deb) ...
Unpacking replacement man-db ...
Preparing to replace manpages 3.27-1 (using .../manpages_3.44-1_all.deb) ...
Unpacking replacement manpages ...
Preparing to replace nano 2.2.4-1 (using .../nano_2.2.6-1+b1_i386.deb) ...
Unpacking replacement nano ...
Preparing to replace net-tools 1.60-23 (using .../net-tools_1.60-24.2_i386.deb) ...
Unpacking replacement net-tools ...
Preparing to replace netcat-traditional 1.10-38 (using .../netcat-traditional_1.10-40_i386.deb) ...
Unpacking replacement netcat-traditional ...
Preparing to replace traceroute 1:2.0.15-1 (using .../traceroute_1%3a2.0.18-3_i386.deb) ...
Unpacking replacement traceroute ...
Preparing to replace vim 2:7.2.445+hg~cb94c42c0e1a-1 (using .../vim_2%3a7.3.547-6_i386.deb) ...
Unpacking replacement vim ...
Preparing to replace vim-tiny 2:7.2.445+hg~cb94c42c0e1a-1 (using .../vim-tiny_2%3a7.3.547-6_i386.deb) ...
Unpacking replacement vim-tiny ...
Preparing to replace vim-runtime 2:7.2.445+hg~cb94c42c0e1a-1 (using .../vim-runtime_2%3a7.3.547-6_all.deb) ...
Adding 'diversion of /usr/share/vim/vim73/doc/help.txt to /usr/share/vim/vim73/doc/help.txt.vim-tiny by vim-runtime'
Adding 'diversion of /usr/share/vim/vim73/doc/tags to /usr/share/vim/vim73/doc/tags.vim-tiny by vim-runtime'
Unpacking replacement vim-runtime ...
Removing 'diversion of /usr/share/vim/vim72/doc/help.txt to /usr/share/vim/vim72/doc/help.txt.vim-tiny by vim-runtime'
Removing 'diversion of /usr/share/vim/vim72/doc/tags to /usr/share/vim/vim72/doc/tags.vim-tiny by vim-runtime'
Preparing to replace vim-common 2:7.2.445+hg~cb94c42c0e1a-1 (using .../vim-common_2%3a7.3.547-6_i386.deb) ...
Unpacking replacement vim-common ...
Preparing to replace wget 1.12-2.1 (using .../wget_1.13.4-3_i386.deb) ...
Unpacking replacement wget ...
Preparing to replace whiptail 0.52.11-1 (using .../whiptail_0.52.14-10_i386.deb) ...
Unpacking replacement whiptail ...
Preparing to replace debconf-i18n 1.5.36.1 (using .../debconf-i18n_1.5.49_all.deb) ...
Unpacking replacement debconf-i18n ...
Preparing to replace apt-listchanges 2.85.7+squeeze1 (using .../apt-listchanges_2.85.11_all.deb) ...
Unpacking replacement apt-listchanges ...
Preparing to replace at 3.1.12-1+squeeze1 (using .../archives/at_3.1.13-2_i386.deb) ...
[ ok ] Stopping deferred execution scheduler: atd.
Unpacking replacement at ...
Preparing to replace libgeoip1 1.4.7~beta6+dfsg-1 (using .../libgeoip1_1.4.8+dfsg-3_i386.deb) ...
Unpacking replacement libgeoip1 ...
Selecting previously unselected package libisc84.
Unpacking libisc84 (from .../libisc84_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Selecting previously unselected package libdns88.
Unpacking libdns88 (from .../libdns88_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Selecting previously unselected package libisccc80.
Unpacking libisccc80 (from .../libisccc80_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Selecting previously unselected package libisccfg82.
Unpacking libisccfg82 (from .../libisccfg82_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Selecting previously unselected package libbind9-80.
Unpacking libbind9-80 (from .../libbind9-80_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Selecting previously unselected package liblwres80.
Unpacking liblwres80 (from .../liblwres80_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Preparing to replace bind9-host 1:9.7.3.dfsg-1~squeeze8 (using .../bind9-host_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Unpacking replacement bind9-host ...
Preparing to replace debian-faq 4.0.4+nmu1 (using .../debian-faq_5.0.1_all.deb) ...
Unpacking replacement debian-faq ...
Preparing to replace host 1:9.7.3.dfsg-1~squeeze8 (using .../host_1%3a9.8.4.dfsg.P1-4_all.deb) ...
Unpacking replacement host ...
Preparing to replace dnsutils 1:9.7.3.dfsg-1~squeeze8 (using .../dnsutils_1%3a9.8.4.dfsg.P1-4_i386.deb) ...
Unpacking replacement dnsutils ...
Selecting previously unselected package exim4-config.
Unpacking exim4-config (from .../exim4-config_4.80-7_all.deb) ...
Selecting previously unselected package exim4-base.
Unpacking exim4-base (from .../exim4-base_4.80-7_i386.deb) ...
Selecting previously unselected package exim4-daemon-light.
Unpacking exim4-daemon-light (from .../exim4-daemon-light_4.80-7_i386.deb) ...
Preparing to replace ftp 0.17-23 (using .../archives/ftp_0.17-27_i386.deb) ...
Unpacking replacement ftp ...
Selecting previously unselected package krb5-locales.
Unpacking krb5-locales (from .../krb5-locales_1.10.1+dfsg-3_all.deb) ...
Preparing to replace less 436-1 (using .../archives/less_444-4_i386.deb) ...
Unpacking replacement less ...
Preparing to replace libgc1c2 1:6.8-2 (using .../libgc1c2_1%3a7.1-9.1_i386.deb) ...
Unpacking replacement libgc1c2 ...
Preparing to replace lsof 4.81.dfsg.1-1 (using .../lsof_4.86+dfsg-1_i386.deb) ...
Unpacking replacement lsof ...
Preparing to replace m4 1.4.14-3 (using .../archives/m4_1.4.16-3_i386.deb) ...
Unpacking replacement m4 ...
Preparing to replace mlocate 0.22.2-1 (using .../mlocate_0.23.1-1_i386.deb) ...
Unpacking replacement mlocate ...
Preparing to replace ncurses-term 5.7+20100313-5 (using .../ncurses-term_5.9-10_all.deb) ...
Unpacking replacement ncurses-term ...
Preparing to replace openssh-server 1:5.5p1-6+squeeze2 (using .../openssh-server_1%3a6.0p1-3_i386.deb) ...
Unpacking replacement openssh-server ...
Preparing to replace openssh-client 1:5.5p1-6+squeeze2 (using .../openssh-client_1%3a6.0p1-3_i386.deb) ...
Unpacking replacement openssh-client ...
Preparing to replace reportbug 4.12.6 (using .../reportbug_6.4.3_all.deb) ...
Unpacking replacement reportbug ...
Preparing to replace python2.6 2.6.6-8+b1 (using .../python2.6_2.6.8-0.2_i386.deb) ...
Unpacking replacement python2.6 ...
Preparing to replace python2.6-minimal 2.6.6-8+b1 (using .../python2.6-minimal_2.6.8-0.2_i386.deb) ...
Unpacking replacement python2.6-minimal ...
Selecting previously unselected package python-chardet.
Unpacking python-chardet (from .../python-chardet_2.0.1-2_all.deb) ...
Selecting previously unselected package python-debian.
Unpacking python-debian (from .../python-debian_0.1.21_all.deb) ...
Selecting previously unselected package python-fpconst.
Unpacking python-fpconst (from .../python-fpconst_0.7.2-5_all.deb) ...
Selecting previously unselected package python-soappy.
Unpacking python-soappy (from .../python-soappy_0.12.0-4_all.deb) ...
Selecting previously unselected package python-debianbts.
Unpacking python-debianbts (from .../python-debianbts_1.11_all.deb) ...
Preparing to replace python-reportbug 4.12.6 (using .../python-reportbug_6.4.3_all.deb) ...
Unpacking replacement python-reportbug ...
Preparing to replace texinfo 4.13a.dfsg.1-6 (using .../texinfo_4.13a.dfsg.1-10_i386.deb) ...
Unpacking replacement texinfo ...
Preparing to replace time 1.7-23.1 (using .../archives/time_1.7-24_i386.deb) ...
Unpacking replacement time ...
Preparing to replace w3m 0.5.2-9 (using .../archives/w3m_0.5.3-8_i386.deb) ...
Unpacking replacement w3m ...
Preparing to replace wamerican 6-3 (using .../wamerican_7.1-1_all.deb) ...
Unpacking replacement wamerican ...
Preparing to replace whois 5.0.10 (using .../archives/whois_5.0.20_i386.deb) ...
Unpacking replacement whois ...
Preparing to replace libnet1 1.1.4-2 (using .../libnet1_1.1.4-2.1_i386.deb) ...
Unpacking replacement libnet1 ...
Preparing to replace arping 2.09-2 (using .../arping_2.11-1_i386.deb) ...
Unpacking replacement arping ...
Preparing to replace busybox 1:1.17.1-8 (using .../busybox_1%3a1.20.0-7_i386.deb) ...
Unpacking replacement busybox ...
Preparing to replace openssl 0.9.8o-4squeeze13 (using .../openssl_1.0.1c-4_i386.deb) ...
Unpacking replacement openssl ...
Preparing to replace ca-certificates 20090814+nmu3squeeze1 (using .../ca-certificates_20120623_all.deb) ...
Unpacking replacement ca-certificates ...
Preparing to replace curl 7.21.0-2.1+squeeze2 (using .../curl_7.26.0-1_i386.deb) ...
Unpacking replacement curl ...
Selecting previously unselected package dbus.
Unpacking dbus (from .../archives/dbus_1.6.8-1_i386.deb) ...
Preparing to replace discover 2.1.2-5 (using .../discover_2.1.2-5.2_i386.deb) ...
Unpacking replacement discover ...
Preparing to replace libdiscover2 2.1.2-5 (using .../libdiscover2_2.1.2-5.2_i386.deb) ...
Unpacking replacement libdiscover2 ...
Preparing to replace eject 2.1.5+deb1+cvs20081104-7.1 (using .../eject_2.1.5+deb1+cvs20081104-13_i386.deb) ...
Unpacking replacement eject ...
Preparing to replace firmware-linux-free 2.6.32-46 (using .../firmware-linux-free_3.2_all.deb) ...
Unpacking replacement firmware-linux-free ...
Selecting previously unselected package fonts-droid.
Unpacking fonts-droid (from .../fonts-droid_20111207+git-1_all.deb) ...
Selecting previously unselected package fonts-liberation.
Unpacking fonts-liberation (from .../fonts-liberation_1.07.2-6_all.deb) ...
Preparing to replace gcc-4.4-base 4.4.5-8 (using .../gcc-4.4-base_4.4.7-2_i386.deb) ...
Unpacking replacement gcc-4.4-base:i386 ...
Selecting previously unselected package libijs-0.35.
Unpacking libijs-0.35 (from .../libijs-0.35_0.35-8_i386.deb) ...
Selecting previously unselected package libjbig2dec0.
Unpacking libjbig2dec0 (from .../libjbig2dec0_0.11+20120125-1_i386.deb) ...
Selecting previously unselected package libgs9-common.
Unpacking libgs9-common (from .../libgs9-common_9.05~dfsg-6.3_all.deb) ...
Selecting previously unselected package libgs9.
Unpacking libgs9 (from .../libgs9_9.05~dfsg-6.3_i386.deb) ...
Selecting previously unselected package gsfonts.
Unpacking gsfonts (from .../gsfonts_1%3a8.11+urwcyr1.0.7~pre44-4.2_all.deb) ...
Selecting previously unselected package ghostscript.
Unpacking ghostscript (from .../ghostscript_9.05~dfsg-6.3_i386.deb) ...
Selecting previously unselected package gnuplot-nox.
Unpacking gnuplot-nox (from .../gnuplot-nox_4.6.0-8_i386.deb) ...
Selecting previously unselected package gnuplot.
Unpacking gnuplot (from .../gnuplot_4.6.0-8_all.deb) ...
Selecting previously unselected package groff.
Unpacking groff (from .../archives/groff_1.21-9_i386.deb) ...
Selecting previously unselected package heirloom-mailx.
Unpacking heirloom-mailx (from .../heirloom-mailx_12.5-2_i386.deb) ...
Selecting previously unselected package hicolor-icon-theme.
Unpacking hicolor-icon-theme (from .../hicolor-icon-theme_0.12-1_all.deb) ...
Selecting previously unselected package imagemagick.
Unpacking imagemagick (from .../imagemagick_8%3a6.7.7.10-5_i386.deb) ...
Preparing to replace installation-report 2.44 (using .../installation-report_2.49_all.deb) ...
Unpacking replacement installation-report ...
Preparing to replace iso-codes 3.23-1 (using .../iso-codes_3.40-1_all.deb) ...
Unpacking replacement iso-codes ...
Selecting previously unselected package libblas3.
Unpacking libblas3 (from .../libblas3_1.2.20110419-5_i386.deb) ...
Selecting previously unselected package libblas3gf.
Unpacking libblas3gf (from .../libblas3gf_1.2.20110419-5_all.deb) ...
Selecting previously unselected package libexiv2-12.
Unpacking libexiv2-12 (from .../libexiv2-12_0.23-1_i386.deb) ...
Selecting previously unselected package libglib2.0-data.
Unpacking libglib2.0-data (from .../libglib2.0-data_2.33.12+really2.32.4-3_all.deb) ...
Selecting previously unselected package liblinear1.
Unpacking liblinear1 (from .../liblinear1_1.8+dfsg-1_i386.deb) ...
Selecting previously unselected package liblinear-tools.
Unpacking liblinear-tools (from .../liblinear-tools_1.8+dfsg-1_i386.deb) ...
Selecting previously unselected package libnetpbm10.
Unpacking libnetpbm10 (from .../libnetpbm10_2%3a10.0-15+b1_i386.deb) ...
Selecting previously unselected package libpaper-utils.
Unpacking libpaper-utils (from .../libpaper-utils_1.1.24+nmu2_i386.deb) ...
Selecting previously unselected package librsvg2-common:i386.
Unpacking librsvg2-common:i386 (from .../librsvg2-common_2.36.1-1_i386.deb) ...
Selecting previously unselected package libsvm-tools.
Unpacking libsvm-tools (from .../libsvm-tools_3.12-1_i386.deb) ...
Preparing to replace lsb-release 3.2-23.2squeeze1 (using .../lsb-release_4.1+Debian8_all.deb) ...
Unpacking replacement lsb-release ...
Preparing to replace mingetty 1.07-3 (using .../mingetty_1.08-2_i386.deb) ...
Unpacking replacement mingetty ...
Preparing to replace mtr-tiny 0.75-2 (using .../mtr-tiny_0.82-3_i386.deb) ...
Unpacking replacement mtr-tiny ...
Selecting previously unselected package netpbm.
Unpacking netpbm (from .../netpbm_2%3a10.0-15+b1_i386.deb) ...
Preparing to replace psmisc 22.11-1 (using .../psmisc_22.19-1_i386.deb) ...
Unpacking replacement psmisc ...
Selecting previously unselected package psutils.
Unpacking psutils (from .../psutils_1.17.dfsg-1_i386.deb) ...
Preparing to replace python-central 0.6.16+nmu1 (using .../python-central_0.6.17_all.deb) ...
Unpacking replacement python-central ...
Preparing to replace sgml-base 1.26+nmu1 (using .../sgml-base_1.26+nmu3_all.deb) ...
Unpacking replacement sgml-base ...
Selecting previously unselected package shared-mime-info.
Unpacking shared-mime-info (from .../shared-mime-info_1.0-1+b1_i386.deb) ...
Selecting previously unselected package liblensfun-data.
Unpacking liblensfun-data (from .../liblensfun-data_0.2.5-2_all.deb) ...
Selecting previously unselected package liblensfun0.
Unpacking liblensfun0 (from .../liblensfun0_0.2.5-2_i386.deb) ...
Selecting previously unselected package ufraw-batch.
Unpacking ufraw-batch (from .../ufraw-batch_0.18-2_i386.deb) ...
Preparing to replace xml-core 0.13 (using .../xml-core_0.13+nmu2_all.deb) ...
update-catalog: Suppressing action on super catalog. Invoking trigger instead.
update-catalog: Please rebuild the package being set up with a version of debhelper fixing #477751.
Unpacking replacement xml-core ...
Preparing to replace nmap 5.00-3 (using .../nmap_6.00-0.3_i386.deb) ...
Unpacking replacement nmap ...
Processing triggers for install-info ...
Setting up locales (2.13-37) ...
Generating locales (this might take a while)...
en_AU.UTF-8... done
en_BW.UTF-8... done
en_CA.UTF-8... done
en_DK.UTF-8... done
en_GB.UTF-8... done
en_HK.UTF-8... done
en_IE.UTF-8... done
en_IN.UTF-8... done
en_NG.UTF-8... done
en_NZ.UTF-8... done
en_PH.UTF-8... done
en_SG.UTF-8... done
en_US.UTF-8... done
en_ZA.UTF-8... done
en_ZW.UTF-8... done
Generation complete.
Setting up libc6-i686:i386 (2.13-37) ...
Setting up kbd (1.15.3-9) ...
Installing new version of config file /etc/init.d/kbd ...
[info] Setting console screen modes.
[info] Skipping font and keymap setup (handled by console-setup).
Setting up libclass-isa-perl (0.36-3) ...
Setting up libgdbm3:i386 (1.8.3-11) ...
Setting up adduser (3.113+nmu3) ...
Installing new version of config file /etc/deluser.conf ...
Setting up cron (3.0pl1-124) ...
Installing new version of config file /etc/init.d/cron ...
Installing new version of config file /etc/default/cron ...
Installing new version of config file /etc/pam.d/cron ...
Installing new version of config file /etc/crontab ...
Removing obsolete conffile /etc/cron.daily/standard ...
[ ok ] Starting periodic command scheduler: cron.
Setting up libuuid-perl (0.02-5) ...
Setting up libtext-charwidth-perl (0.04-7+b1) ...
Setting up libtext-iconv-perl (1.7-5) ...
Setting up liblocale-gettext-perl (1.05-7+b1) ...
Setting up netbase (5.0) ...
Installing new version of config file /etc/protocols ...
Installing new version of config file /etc/services ...
Setting up iproute (20120521-3) ...
Setting up ifupdown (0.7.5) ...
Installing new version of config file /etc/init.d/networking ...
Migrating network state directory from /etc/network/run to /run/network...
Moving /etc/network/run/ifstate to /run/network/ifstate
Removing obsolete conffile /etc/default/ifupdown ...
Removing obsolete conffile /etc/init.d/ifupdown ...
Removing obsolete conffile /etc/init.d/ifupdown-clean ...
Setting up keyboard-configuration (1.88) ...
Installing new version of config file /etc/init.d/console-setup ...
Installing new version of config file /etc/init.d/keyboard-setup ...
Setting up console-setup-linux (1.88) ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-13.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-9.inc ...
Installing new version of config file /etc/console-setup/remap.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-7.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-2.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-4.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-14.inc ...
Installing new version of config file /etc/console-setup/compose.VISCII.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-1.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-15.inc ...
Installing new version of config file /etc/console-setup/compose.ISO-8859-3.inc ...
Setting up xkb-data (2.5.1-3) ...
Setting up console-setup (1.88) ...
Setting up libklibc (2.0.1-3.1) ...
Setting up klibc-utils (2.0.1-3.1) ...
Setting up cpio (2.11+dfsg-0.1) ...
Setting up libkmod2:i386 (9-2) ...
Setting up kmod (9-2) ...
Setting up module-init-tools (9-2) ...
Removing obsolete conffile /etc/init.d/module-init-tools ...
Removing obsolete conffile /etc/modprobe.d/aliases.conf ...
Setting up libudev0:i386 (175-7) ...
Setting up libncursesw5:i386 (5.9-10) ...
Setting up libprocps0:i386 (1:3.3.3-2) ...
Setting up procps (1:3.3.3-2) ...
Installing new version of config file /etc/init.d/procps ...
[ ok ] Setting kernel variables ...done.
Setting up udev (175-7) ...
Installing new version of config file /etc/udev/udev.conf ...
Installing new version of config file /etc/init.d/udev-mtab ...
Installing new version of config file /etc/init.d/udev ...
[ ok ] Stopping the hotplug events dispatcher: udevd.
[ ok ] Starting the hotplug events dispatcher: udevd.
update-initramfs: deferring update (trigger activated)
?????Ref point 2?????
┌──────────────────────────────────────┤ Configuring linux-base ├──────────────────────────────────────┐
│ │
│ The new Linux kernel version provides different drivers for some PATA (IDE) controllers. The names
│ of some hard disk, CD-ROM, and tape devices may change.
│ It is now recommended to identify disk devices in configuration files by label or UUID (unique
│ identifier) rather than by device name, which will work with both old and new kernel versions.
│ <Ok>
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────┘
?????Ref Point 3?????
┌────────────┤ Configuring linux-base ├────────────┐
│ │
│ Update disk device IDs in system configuration? │
│ │
│ <Yes> <No> │
│ │
└──────────────────────────────────────────────────┘
?????Ref Point 4?????
┌────────────────────────────────────┤ Configuring linux-base ├─────────────────────────────────────┐
│ │
│ Boot loader configuration check needed
│ The boot loader configuration for this system was not recognized. These settings in the
│ configuration may need to be updated:
│ <Ok>
│ │
└───────────────────────────────────────────────────────────────────────────────────────────────────┘
?????Ref Point 5?????
Setting up initramfs-tools (0.109) ...
Installing new version of config file /etc/kernel/postrm.d/initramfs-tools ...
Installing new version of config file /etc/kernel/postinst.d/initramfs-tools ...
Installing new version of config file /etc/initramfs-tools/initramfs.conf ...
update-initramfs: deferring update (trigger activated)
Setting up linux-base (3.5) ...
Setting up libevent-2.0-5:i386 (2.0.19-stable-3) ...
Setting up libcap2:i386 (1:2.22-1.2) ...
Setting up libkeyutils1:i386 (1.5.5-3) ...
Setting up libkrb5support0:i386 (1.10.1+dfsg-3) ...
Setting up libk5crypto3:i386 (1.10.1+dfsg-3) ...
Setting up libkrb5-3:i386 (1.10.1+dfsg-3) ...
Setting up libgpg-error0:i386 (1.10-3.1) ...
Setting up libgcrypt11:i386 (1.5.0-3) ...
Setting up libp11-kit0:i386 (0.12-3) ...
Setting up libtasn1-3:i386 (2.13-2) ...
Setting up libgnutls26:i386 (2.12.20-2) ...
Setting up libsasl2-2:i386 (2.1.25.dfsg1-6) ...
Setting up libldap-2.4-2:i386 (2.4.31-1) ...
Installing new version of config file /etc/ldap/ldap.conf ...
Setting up libnfsidmap2:i386 (0.25-4) ...
Setting up libwrap0:i386 (7.6.q-24) ...
Setting up ucf (3.0025+nmu3) ...
Setting up rsyslog (5.8.11-2) ...
Installing new version of config file /etc/logcheck/ignore.d.server/rsyslog ...
Installing new version of config file /etc/rsyslog.conf ...
Installing new version of config file /etc/init.d/rsyslog ...
Installing new version of config file /etc/default/rsyslog ...
Installing new version of config file /etc/logrotate.d/rsyslog ...
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.
Setting up tcpd (7.6.q-24) ...
Setting up libgssapi-krb5-2:i386 (1.10.1+dfsg-3) ...
Setting up libssl1.0.0:i386 (1.0.1c-4) ...
Setting up libsasl2-modules:i386 (2.1.25.dfsg1-6) ...
Setting up aptitude-common (0.6.8.2-1) ...
Setting up libboost-iostreams1.49.0 (1.49.0-3.1) ...
Setting up libsigc++-2.0-0c2a:i386 (2.2.10-0.2) ...
Setting up libcwidget3 (0.5.16-3.4) ...
Setting up libxapian22 (1.2.12-2) ...
Setting up libept1.4.12 (1.0.9) ...
Setting up libsqlite3-0:i386 (3.7.13-1) ...
Setting up aptitude (0.6.8.2-1) ...
update-alternatives: warning: forcing reinstallation of alternative /usr/bin/aptitude-curses because link group aptitude is broken
Setting up libapt-inst1.5:i386 (0.9.7.7) ...
Setting up python2.7-minimal (2.7.3-6) ...
Linking and byte-compiling packages for runtime python2.7...
Setting up libexpat1:i386 (2.1.0-1) ...
Setting up mime-support (3.52-1) ...
Installing new version of config file /etc/mime.types ...
Setting up python2.7 (2.7.3-6) ...
Setting up python-minimal (2.7.3~rc2-1) ...
Setting up python (2.7.3~rc2-1) ...
Linking and byte-compiling packages for runtime python2.7...
running python rtupdate hooks for python2.7...
running python post-rtupdate hooks for python2.7...
Linking and byte-compiling packages for runtime python2.7...
Setting up python-support (1.0.15) ...
Setting up python-apt-common (0.8.8.1) ...
Setting up python-apt (0.8.8.1) ...
Setting up apt-utils (0.9.7.7) ...
Setting up libnewt0.52 (0.52.14-10) ...
Setting up libpipeline1:i386 (1.2.1-1) ...
Setting up libpopt0:i386 (1.16-7) ...
Setting up mawk (1.3.3-17) ...
Setting up bash-completion (1:2.0-1) ...
Installing new version of config file /etc/profile.d/bash_completion.sh ...
Installing new version of config file /etc/bash_completion ...
Removing obsolete conffile /etc/bash_completion.d/openldap ...
Removing obsolete conffile /etc/bash_completion.d/lzma ...
Removing obsolete conffile /etc/bash_completion.d/rfkill ...
Removing obsolete conffile /etc/bash_completion.d/xmlwf ...
Removing obsolete conffile /etc/bash_completion.d/sbcl ...
Removing obsolete conffile /etc/bash_completion.d/lisp ...
Removing obsolete conffile /etc/bash_completion.d/clisp ...
Removing obsolete conffile /etc/bash_completion.d/cvsps ...
Removing obsolete conffile /etc/bash_completion.d/wol ...
Removing obsolete conffile /etc/bash_completion.d/abook ...
Removing obsolete conffile /etc/bash_completion.d/cksfv ...
Removing obsolete conffile /etc/bash_completion.d/quota-tools ...
Removing obsolete conffile /etc/bash_completion.d/vpnc ...
Removing obsolete conffile /etc/bash_completion.d/lvm ...
Removing obsolete conffile /etc/bash_completion.d/cups ...
Removing obsolete conffile /etc/bash_completion.d/p4 ...
Removing obsolete conffile /etc/bash_completion.d/apt ...
Removing obsolete conffile /etc/bash_completion.d/mount ...
Removing obsolete conffile /etc/bash_completion.d/isql ...
Removing obsolete conffile /etc/bash_completion.d/ssh ...
Removing obsolete conffile /etc/bash_completion.d/aspell ...
Removing obsolete conffile /etc/bash_completion.d/qemu ...
Removing obsolete conffile /etc/bash_completion.d/screen ...
Removing obsolete conffile /etc/bash_completion.d/larch ...
Removing obsolete conffile /etc/bash_completion.d/pine ...
Removing obsolete conffile /etc/bash_completion.d/getent ...
Removing obsolete conffile /etc/bash_completion.d/xm ...
Removing obsolete conffile /etc/bash_completion.d/vncviewer ...
Removing obsolete conffile /etc/bash_completion.d/service ...
Removing obsolete conffile /etc/bash_completion.d/mailman ...
Removing obsolete conffile /etc/bash_completion.d/rcs ...
Removing obsolete conffile /etc/bash_completion.d/yp-tools ...
Removing obsolete conffile /etc/bash_completion.d/pkgtools ...
Removing obsolete conffile /etc/bash_completion.d/make ...
Removing obsolete conffile /etc/bash_completion.d/wvdial ...
Removing obsolete conffile /etc/bash_completion.d/mkinitrd ...
Removing obsolete conffile /etc/bash_completion.d/lintian ...
Removing obsolete conffile /etc/bash_completion.d/pkg_install ...
Removing obsolete conffile /etc/bash_completion.d/perl ...
Removing obsolete conffile /etc/bash_completion.d/gcl ...
Removing obsolete conffile /etc/bash_completion.d/iptables ...
Removing obsolete conffile /etc/bash_completion.d/wtf ...
Removing obsolete conffile /etc/bash_completion.d/ntpdate ...
Removing obsolete conffile /etc/bash_completion.d/openssl ...
Removing obsolete conffile /etc/bash_completion.d/minicom ...
Removing obsolete conffile /etc/bash_completion.d/gdb ...
Removing obsolete conffile /etc/bash_completion.d/aptitude ...
Removing obsolete conffile /etc/bash_completion.d/xrandr ...
Removing obsolete conffile /etc/bash_completion.d/gpg2 ...
Removing obsolete conffile /etc/bash_completion.d/nmap ...
Removing obsolete conffile /etc/bash_completion.d/cvs ...
Removing obsolete conffile /etc/bash_completion.d/cardctl ...
Removing obsolete conffile /etc/bash_completion.d/cowsay ...
Removing obsolete conffile /etc/bash_completion.d/xmms ...
Removing obsolete conffile /etc/bash_completion.d/cpio ...
Removing obsolete conffile /etc/bash_completion.d/smartctl ...
Removing obsolete conffile /etc/bash_completion.d/cpan2dist ...
Removing obsolete conffile /etc/bash_completion.d/chkconfig ...
Removing obsolete conffile /etc/bash_completion.d/brctl ...
Removing obsolete conffile /etc/bash_completion.d/resolvconf ...
Removing obsolete conffile /etc/bash_completion.d/hping2 ...
Removing obsolete conffile /etc/bash_completion.d/mysqladmin ...
Removing obsolete conffile /etc/bash_completion.d/ncftp ...
Removing obsolete conffile /etc/bash_completion.d/gcc ...
Removing obsolete conffile /etc/bash_completion.d/xz ...
Removing obsolete conffile /etc/bash_completion.d/tar ...
Removing obsolete conffile /etc/bash_completion.d/rrdtool ...
Removing obsolete conffile /etc/bash_completion.d/info ...
Removing obsolete conffile /etc/bash_completion.d/dict ...
Removing obsolete conffile /etc/bash_completion.d/unace ...
Removing obsolete conffile /etc/bash_completion.d/procps ...
Removing obsolete conffile /etc/bash_completion.d/apt-build ...
Removing obsolete conffile /etc/bash_completion.d/bash-builtins ...
Removing obsolete conffile /etc/bash_completion.d/ldapvi ...
Removing obsolete conffile /etc/bash_completion.d/rpm ...
Removing obsolete conffile /etc/bash_completion.d/java ...
Removing obsolete conffile /etc/bash_completion.d/monodevelop ...
Removing obsolete conffile /etc/bash_completion.d/gzip ...
Removing obsolete conffile /etc/bash_completion.d/ri ...
Removing obsolete conffile /etc/bash_completion.d/povray ...
Removing obsolete conffile /etc/bash_completion.d/bittorrent ...
Removing obsolete conffile /etc/bash_completion.d/gpg ...
Removing obsolete conffile /etc/bash_completion.d/fuse ...
Removing obsolete conffile /etc/bash_completion.d/dhclient ...
Removing obsolete conffile /etc/bash_completion.d/kldload ...
Removing obsolete conffile /etc/bash_completion.d/yum-arch ...
Removing obsolete conffile /etc/bash_completion.d/mdadm ...
Removing obsolete conffile /etc/bash_completion.d/rpcdebug ...
Removing obsolete conffile /etc/bash_completion.d/tcpdump ...
Removing obsolete conffile /etc/bash_completion.d/pm-utils ...
Removing obsolete conffile /etc/bash_completion.d/xsltproc ...
Removing obsolete conffile /etc/bash_completion.d/ipsec ...
Removing obsolete conffile /etc/bash_completion.d/links ...
Removing obsolete conffile /etc/bash_completion.d/mplayer ...
Removing obsolete conffile /etc/bash_completion.d/dd ...
Removing obsolete conffile /etc/bash_completion.d/samba ...
Removing obsolete conffile /etc/bash_completion.d/sshfs ...
Removing obsolete conffile /etc/bash_completion.d/dpkg ...
Removing obsolete conffile /etc/bash_completion.d/postgresql ...
Removing obsolete conffile /etc/bash_completion.d/jar ...
Removing obsolete conffile /etc/bash_completion.d/lzop ...
Removing obsolete conffile /etc/bash_completion.d/qdbus ...
Removing obsolete conffile /etc/bash_completion.d/msynctool ...
Removing obsolete conffile /etc/bash_completion.d/util-linux ...
Removing obsolete conffile /etc/bash_completion.d/dsniff ...
Removing obsolete conffile /etc/bash_completion.d/rpmcheck ...
Removing obsolete conffile /etc/bash_completion.d/wodim ...
Removing obsolete conffile /etc/bash_completion.d/portupgrade ...
Removing obsolete conffile /etc/bash_completion.d/autorpm ...
Removing obsolete conffile /etc/bash_completion.d/mc ...
Removing obsolete conffile /etc/bash_completion.d/wireless-tools ...
Removing obsolete conffile /etc/bash_completion.d/genisoimage ...
Removing obsolete conffile /etc/bash_completion.d/coreutils ...
Removing obsolete conffile /etc/bash_completion.d/cryptsetup ...
Removing obsolete conffile /etc/bash_completion.d/medusa ...
Removing obsolete conffile /etc/bash_completion.d/chsh ...
Removing obsolete conffile /etc/bash_completion.d/update-alternatives ...
Removing obsolete conffile /etc/bash_completion.d/configure ...
Removing obsolete conffile /etc/bash_completion.d/xmllint ...
Removing obsolete conffile /etc/bash_completion.d/lftp ...
Removing obsolete conffile /etc/bash_completion.d/sitecopy ...
Removing obsolete conffile /etc/bash_completion.d/snownews ...
Removing obsolete conffile /etc/bash_completion.d/rsync ...
Removing obsolete conffile /etc/bash_completion.d/lilo ...
Removing obsolete conffile /etc/bash_completion.d/findutils ...
Removing obsolete conffile /etc/bash_completion.d/strace ...
Removing obsolete conffile /etc/bash_completion.d/man ...
Removing obsolete conffile /etc/bash_completion.d/freeciv ...
Removing obsolete conffile /etc/bash_completion.d/ifupdown ...
Removing obsolete conffile /etc/bash_completion.d/module-init-tools ...
Removing obsolete conffile /etc/bash_completion.d/sysv-rc ...
Removing obsolete conffile /etc/bash_completion.d/unrar ...
Removing obsolete conffile /etc/bash_completion.d/bitkeeper ...
Removing obsolete conffile /etc/bash_completion.d/postfix ...
Removing obsolete conffile /etc/bash_completion.d/munin-node ...
Removing obsolete conffile /etc/bash_completion.d/svk ...
Removing obsolete conffile /etc/bash_completion.d/rdesktop ...
Removing obsolete conffile /etc/bash_completion.d/iconv ...
Removing obsolete conffile /etc/bash_completion.d/xhost ...
Removing obsolete conffile /etc/bash_completion.d/ipmitool ...
Removing obsolete conffile /etc/bash_completion.d/sysctl ...
Removing obsolete conffile /etc/bash_completion.d/apache2ctl ...
Removing obsolete conffile /etc/bash_completion.d/ipv6calc ...
Removing obsolete conffile /etc/bash_completion.d/mutt ...
Removing obsolete conffile /etc/bash_completion.d/bzip2 ...
Removing obsolete conffile /etc/bash_completion.d/ant ...
Removing obsolete conffile /etc/bash_completion.d/k3b ...
Removing obsolete conffile /etc/bash_completion.d/imagemagick ...
Removing obsolete conffile /etc/bash_completion.d/pkg-config ...
Removing obsolete conffile /etc/bash_completion.d/bluez ...
Removing obsolete conffile /etc/bash_completion.d/net-tools ...
Removing obsolete conffile /etc/bash_completion.d/rtcwake ...
Removing obsolete conffile /etc/bash_completion.d/gkrellm ...
Removing obsolete conffile /etc/bash_completion.d/mcrypt ...
Removing obsolete conffile /etc/bash_completion.d/cfengine ...
Removing obsolete conffile /etc/bash_completion.d/heimdal ...
Removing obsolete conffile /etc/bash_completion.d/shadow ...
Removing obsolete conffile /etc/bash_completion.d/python ...
Removing obsolete conffile /etc/bash_completion.d/bind-utils ...
Removing obsolete conffile /etc/bash_completion.d/reportbug ...
Removing obsolete conffile /etc/bash_completion.d/gnatmake ...
Removing obsolete conffile /etc/bash_completion.d/dselect ...
Setting up libasprintf0c2:i386 (0.18.1.1-9) ...
Setting up gettext-base (0.18.1.1-9) ...
Setting up libbsd0:i386 (0.4.2-1) ...
Setting up libedit2:i386 (2.11-20080614-5) ...
Setting up libgpm2:i386 (1.20.4-6) ...
Setting up libgssrpc4:i386 (1.10.1+dfsg-3) ...
Setting up libidn11:i386 (1.25-2) ...
Setting up liblockfile-bin (1.09-5) ...
Setting up liblockfile1:i386 (1.09-5) ...
Setting up libmagic1:i386 (5.11-2) ...
Setting up file (5.11-2) ...
Setting up libpci3:i386 (1:3.1.9-6) ...
Setting up pciutils (1:3.1.9-6) ...
Setting up libpcre3:i386 (1:8.30-5) ...
Setting up librpcsecgss3:i386 (0.19-5) ...
Setting up libxml2:i386 (2.8.0+dfsg1-7) ...
Setting up geoip-database (20130108-1) ...
Setting up imagemagick-common (8:6.7.7.10-5) ...
Setting up libavahi-common-data:i386 (0.6.31-1) ...
Setting up libavahi-common3:i386 (0.6.31-1) ...
Setting up libdbus-1-3:i386 (1.6.8-1) ...
Setting up libavahi-client3:i386 (0.6.31-1) ...
Setting up libfreetype6:i386 (2.4.9-1.1) ...
Setting up ttf-dejavu-core (2.33-3) ...
Setting up fontconfig-config (2.9.0-7.1) ...
Setting up libfontconfig1:i386 (2.9.0-7.1) ...
Setting up libpixman-1-0:i386 (0.26.0-3) ...
Setting up libpng12-0:i386 (1.2.49-1) ...
Setting up libxau6:i386 (1:1.0.7-1) ...
Setting up libxdmcp6:i386 (1:1.1.1-1) ...
Setting up libxcb1:i386 (1.8.1-2) ...
Setting up libx11-data (2:1.5.0-1) ...
Setting up libx11-6:i386 (2:1.5.0-1) ...
Setting up libxcb-render0:i386 (1.8.1-2) ...
Setting up libxcb-shm0:i386 (1.8.1-2) ...
Setting up libxrender1:i386 (1:0.9.7-1) ...
Setting up libcairo2:i386 (1.12.2-2) ...
Setting up libffi5:i386 (3.0.10-3) ...
Setting up libglib2.0-0:i386 (2.33.12+really2.32.4-3) ...
No schema files found: doing nothing.
Setting up libcroco3:i386 (0.6.6-2) ...
Setting up libcups2:i386 (1.5.3-2.13) ...
Setting up libjpeg8:i386 (8d-1) ...
Setting up libjbig0:i386 (2.0-2) ...
Setting up libtiff4:i386 (3.9.6-11) ...
Setting up libcupsimage2:i386 (1.5.3-2.13) ...
Setting up librtmp0:i386 (2.4+20111222.git4e06e21-1) ...
Setting up libssh2-1:i386 (1.4.2-1.1) ...
Setting up libcurl3:i386 (7.26.0-1) ...
Setting up libdatrie1:i386 (0.2.5-3) ...
Setting up libdjvulibre-text (3.5.25.3-1) ...
Setting up libdjvulibre21 (3.5.25.3-1) ...
Setting up libgd2-noxpm:i386 (2.0.36~rc1~dfsg-6.1) ...
Setting up libjasper1:i386 (1.900.1-13) ...
Setting up libgdk-pixbuf2.0-common (2.26.1-1) ...
Setting up libgdk-pixbuf2.0-0:i386 (2.26.1-1) ...
Setting up libquadmath0:i386 (4.7.2-5) ...
Setting up libgfortran3:i386 (4.7.2-5) ...
Setting up libgomp1:i386 (4.7.2-5) ...
Setting up x11-common (1:7.7+1) ...
Setting up libice6:i386 (2:1.0.8-2) ...
Setting up liblcms1:i386 (1.19.dfsg-1.2) ...
Setting up liblcms2-2:i386 (2.2+git20110628-2.2) ...
Setting up liblqr-1-0:i386 (0.4.1-2) ...
Setting up libltdl7:i386 (2.4.2-1.1) ...
Setting up liblua5.1-0:i386 (5.1.5-4) ...
Setting up libsm6:i386 (2:1.2.1-2) ...
Setting up libxext6:i386 (2:1.3.1-2) ...
Setting up libxt6:i386 (1:1.1.3-1) ...
Setting up libmagickcore5:i386 (8:6.7.7.10-5) ...
Setting up libilmbase6 (1.0.1-4) ...
Setting up libmagickwand5:i386 (8:6.7.7.10-5) ...
Setting up libopenexr6 (1.6.1-6) ...
Setting up libthai-data (0.1.18-2) ...
Setting up libthai0:i386 (0.1.18-2) ...
Setting up libxft2:i386 (2.3.1-1) ...
Setting up fontconfig (2.9.0-7.1) ...
Regenerating fonts cache... done.
Setting up libpango1.0-0:i386 (1.30.0-1) ...
Setting up librsvg2-2:i386 (2.36.1-1) ...
Setting up libwmf0.2-7:i386 (0.2.8.4-10.2) ...
Setting up libmagickcore5-extra:i386 (8:6.7.7.10-5) ...
Setting up libpaper1:i386 (1.1.24+nmu2) ...
Creating config file /etc/papersize with new version
Setting up libpcap0.8:i386 (1.3.0-1) ...
Setting up libxmu6:i386 (2:1.1.1-1) ...
Setting up libxpm4:i386 (1:3.5.10-1) ...
Setting up libxaw7:i386 (2:1.0.10-2) ...
Setting up libopts25 (1:5.12-0.1) ...
Setting up ntp (1:4.2.6.p5+dfsg-2) ...
Installing new version of config file /etc/cron.daily/ntp ...
[ ok ] Starting NTP server: ntpd.
Setting up openssh-blacklist (0.4.1+nmu1) ...
Setting up openssh-blacklist-extra (0.4.1+nmu1) ...
Setting up poppler-data (0.4.5-10) ...
Setting up libsystemd-login0:i386 (44-8) ...
Setting up bsdmainutils (9.0.3) ...
Installing new version of config file /etc/cron.daily/bsdmainutils ...
Setting up dmidecode (2.11-9) ...
Setting up groff-base (1.21-9) ...
Setting up info (4.13a.dfsg.1-10) ...
Setting up libnfnetlink0 (1.0.0-1.1) ...
Setting up iptables (1.4.14-3) ...
Setting up iputils-ping (3:20101006-1+b1) ...
Setting up isc-dhcp-common (4.2.2.dfsg.1-5+deb70u2) ...
Setting up isc-dhcp-client (4.2.2.dfsg.1-5+deb70u2) ...
Configuration file `/etc/dhcp/dhclient.conf'
==> Modified (by you or by a script) since installation.
==> Package distributor has shipped an updated version.
What would you like to do about it ? Your options are:
Y or I : install the package maintainer's version
N or O : keep your currently-installed version
D : show the differences between the versions
Z : start a shell to examine the situation
The default action is to keep your current version.
*** dhclient.conf (Y/I/N/O/D/Z) [default=N] ?
==========
I hit <Enter> to choose the default
=====Output=====
Installing new version of config file /etc/dhcp/dhclient-exit-hooks.d/debug ...
Installing new version of config file /etc/dhcp/dhclient-exit-hooks.d/rfc3442-classless-routes ...
Installing new version of config file /etc/dhcp/dhclient-enter-hooks.d/debug ...
Setting up logrotate (3.8.1-4) ...
Setting up man-db (2.6.2-1) ...
Installing new version of config file /etc/cron.daily/man-db ...
Installing new version of config file /etc/cron.weekly/man-db ...
Updating database of manual pages ...
Setting up manpages (3.44-1) ...
Setting up nano (2.2.6-1+b1) ...
Setting up net-tools (1.60-24.2) ...
Setting up netcat-traditional (1.10-40) ...
update-alternatives: warning: forcing reinstallation of alternative /bin/nc.traditional because link group nc is broken
Setting up traceroute (1:2.0.18-3) ...
update-alternatives: using /usr/bin/traceroute.db to provide /usr/bin/traceroute (traceroute) in auto mode
update-alternatives: using /usr/bin/traceroute6.db to provide /usr/bin/traceroute6 (traceroute6) in auto mode
update-alternatives: using /usr/bin/lft.db to provide /usr/bin/lft (lft) in auto mode
update-alternatives: using /usr/bin/traceproto.db to provide /usr/bin/traceproto (traceproto) in auto mode
update-alternatives: using /usr/sbin/tcptraceroute.db to provide /usr/sbin/tcptraceroute (tcptraceroute) in auto mode
Setting up vim-common (2:7.3.547-6) ...
Setting up vim-runtime (2:7.3.547-6) ...
Processing /usr/share/vim/addons/doc
Setting up vim (2:7.3.547-6) ...
Setting up vim-tiny (2:7.3.547-6) ...
Installing new version of config file /etc/vim/vimrc.tiny ...
Setting up wget (1.13.4-3) ...
Setting up whiptail (0.52.14-10) ...
Setting up debconf-i18n (1.5.49) ...
Setting up apt-listchanges (2.85.11) ...
Setting up at (3.1.13-2) ...
[ ok ] Starting deferred execution scheduler: atd.
Setting up libgeoip1 (1.4.8+dfsg-3) ...
Setting up libisc84 (1:9.8.4.dfsg.P1-4) ...
Setting up libdns88 (1:9.8.4.dfsg.P1-4) ...
Setting up libisccc80 (1:9.8.4.dfsg.P1-4) ...
Setting up libisccfg82 (1:9.8.4.dfsg.P1-4) ...
Setting up libbind9-80 (1:9.8.4.dfsg.P1-4) ...
Setting up liblwres80 (1:9.8.4.dfsg.P1-4) ...
Setting up bind9-host (1:9.8.4.dfsg.P1-4) ...
Setting up debian-faq (5.0.1) ...
Setting up host (1:9.8.4.dfsg.P1-4) ...
Setting up dnsutils (1:9.8.4.dfsg.P1-4) ...
Setting up exim4-config (4.80-7) ...
Setting up exim4-base (4.80-7) ...
exim: DB upgrade, deleting hints-db
Setting up exim4-daemon-light (4.80-7) ...
[ ok ] Starting MTA: exim4.
Setting up ftp (0.17-27) ...
Setting up krb5-locales (1.10.1+dfsg-3) ...
Setting up less (444-4) ...
Setting up libgc1c2 (1:7.1-9.1) ...
Setting up m4 (1.4.16-3) ...
Setting up mlocate (0.23.1-1) ...
Installing new version of config file /etc/updatedb.conf ...
Setting up ncurses-term (5.9-10) ...
Setting up openssh-client (1:6.0p1-3) ...
Installing new version of config file /etc/ssh/moduli ...
Setting up openssh-server (1:6.0p1-3) ...
Installing new version of config file /etc/init.d/ssh ...
Installing new version of config file /etc/pam.d/sshd ...
[ ok ] Restarting OpenBSD Secure Shell server: sshd.
Setting up python2.6-minimal (2.6.8-0.2) ...
Setting up python2.6 (2.6.8-0.2) ...
Setting up python-chardet (2.0.1-2) ...
Setting up python-debian (0.1.21) ...
Setting up python-fpconst (0.7.2-5) ...
Setting up python-soappy (0.12.0-4) ...
Setting up python-debianbts (1.11) ...
Setting up python-reportbug (6.4.3) ...
Setting up reportbug (6.4.3) ...
Installing new version of config file /etc/reportbug.conf ...
Setting up texinfo (4.13a.dfsg.1-10) ...
Setting up time (1.7-24) ...
Setting up w3m (0.5.3-8) ...
Setting up wamerican (7.1-1) ...
Setting up whois (5.0.20) ...
Setting up libnet1 (1.1.4-2.1) ...
Setting up arping (2.11-1) ...
Setting up busybox (1:1.20.0-7) ...
Setting up openssl (1.0.1c-4) ...
Installing new version of config file /etc/ssl/openssl.cnf ...
Setting up ca-certificates (20120623) ...
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs... 151 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Setting up curl (7.26.0-1) ...
Setting up dbus (1.6.8-1) ...
[ ok ] Starting system message bus: dbus.
Setting up libdiscover2 (2.1.2-5.2) ...
Setting up discover (2.1.2-5.2) ...
Setting up firmware-linux-free (3.2) ...
update-initramfs: deferring update (trigger activated)
Setting up fonts-droid (20111207+git-1) ...
Setting up fonts-liberation (1.07.2-6) ...
Setting up gcc-4.4-base:i386 (4.4.7-2) ...
Setting up libijs-0.35 (0.35-8) ...
Setting up libjbig2dec0 (0.11+20120125-1) ...
Setting up libgs9-common (9.05~dfsg-6.3) ...
Setting up libgs9 (9.05~dfsg-6.3) ...
Setting up gsfonts (1:8.11+urwcyr1.0.7~pre44-4.2) ...
Setting up ghostscript (9.05~dfsg-6.3) ...
Setting up gnuplot-nox (4.6.0-8) ...
Setting up gnuplot (4.6.0-8) ...
Setting up groff (1.21-9) ...
Setting up heirloom-mailx (12.5-2) ...
update-alternatives: using /usr/bin/heirloom-mailx to provide /usr/bin/mailx (mailx) in auto mode
Setting up hicolor-icon-theme (0.12-1) ...
Setting up imagemagick (8:6.7.7.10-5) ...
update-alternatives: using /usr/bin/compare.im6 to provide /usr/bin/compare (compare) in auto mode
update-alternatives: using /usr/bin/animate.im6 to provide /usr/bin/animate (animate) in auto mode
update-alternatives: using /usr/bin/convert.im6 to provide /usr/bin/convert (convert) in auto mode
update-alternatives: using /usr/bin/composite.im6 to provide /usr/bin/composite (composite) in auto mode
update-alternatives: using /usr/bin/conjure.im6 to provide /usr/bin/conjure (conjure) in auto mode
update-alternatives: using /usr/bin/import.im6 to provide /usr/bin/import (import) in auto mode
update-alternatives: using /usr/bin/identify.im6 to provide /usr/bin/identify (identify) in auto mode
update-alternatives: using /usr/bin/stream.im6 to provide /usr/bin/stream (stream) in auto mode
update-alternatives: using /usr/bin/display.im6 to provide /usr/bin/display (display) in auto mode
update-alternatives: using /usr/bin/montage.im6 to provide /usr/bin/montage (montage) in auto mode
update-alternatives: using /usr/bin/mogrify.im6 to provide /usr/bin/mogrify (mogrify) in auto mode
Setting up installation-report (2.49) ...
Setting up iso-codes (3.40-1) ...
Setting up libblas3 (1.2.20110419-5) ...
update-alternatives: using /usr/lib/libblas/libblas.so.3 to provide /usr/lib/libblas.so.3 (libblas.so.3) in auto mode
Setting up libblas3gf (1.2.20110419-5) ...
Setting up libexiv2-12 (0.23-1) ...
Setting up libglib2.0-data (2.33.12+really2.32.4-3) ...
Setting up liblinear1 (1.8+dfsg-1) ...
Setting up liblinear-tools (1.8+dfsg-1) ...
Setting up libnetpbm10 (2:10.0-15+b1) ...
Setting up libpaper-utils (1.1.24+nmu2) ...
Setting up librsvg2-common:i386 (2.36.1-1) ...
Setting up libsvm-tools (3.12-1) ...
Setting up lsb-release (4.1+Debian8) ...
Setting up mingetty (1.08-2) ...
Setting up mtr-tiny (0.82-3) ...
Setting up netpbm (2:10.0-15+b1) ...
Setting up psmisc (22.19-1) ...
Setting up psutils (1.17.dfsg-1) ...
Setting up python-central (0.6.17) ...
Setting up shared-mime-info (1.0-1+b1) ...
Setting up liblensfun-data (0.2.5-2) ...
Setting up liblensfun0 (0.2.5-2) ...
Setting up ufraw-batch (0.18-2) ...
Setting up nmap (6.00-0.3) ...
Setting up libdevmapper1.02.1:i386 (2:1.02.74-4) ...
Setting up nfs-common (1:1.2.6-3) ...
Installing new version of config file /etc/init.d/nfs-common ...
Replacing config file /etc/idmapd.conf with new version
Replacing config file /etc/default/nfs-common with new version
[ ok ] Stopping NFS common utilities: idmapd statd.
[ ok ] Starting NFS common utilities: statd idmapd.
Setting up tasksel (3.14) ...
Setting up tasksel-data (3.14) ...
Setting up eject (2.1.5+deb1+cvs20081104-13) ...
Setting up libswitch-perl (2.16-2) ...
Setting up dmsetup (2:1.02.74-4) ...
update-initramfs: deferring update (trigger activated)
Setting up perl-modules (5.14.2-16) ...
Setting up perl (5.14.2-16) ...
Setting up lsof (4.86+dfsg-1) ...
Setting up sgml-base (1.26+nmu3) ...
Updating the super catalog...
Setting up xml-core (0.13+nmu2) ...
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-2.6.32-5-686
WARNING: could not open /var/tmp/mkinitramfs_2MXo56/lib/modules/2.6.32-5-686/modules.builtin: No such file or directory
Processing triggers for python-support ...
Processing triggers for libgdk-pixbuf2.0-0:i386 ...
Processing triggers for sgml-base ...
Updating the super catalog...
==========
reboot in the linode console
!!!!!NOTE!!!!!
Brad, if you are starting here from the VM base:
apt-get update
apt-get upgrade
!!!!!!!!!!
Start building the web server
apt-get install libapache2-mod-fastcgi apache2-mpm-worker php5-fpm php-apc php5-curl
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
apache2-utils apache2.2-bin apache2.2-common libapr1 libaprutil1 libaprutil1-dbd-sqlite3
libaprutil1-ldap libonig2 libqdbm14 php5-common ssl-cert
Suggested packages:
apache2-doc apache2-suexec apache2-suexec-custom php5-gd php-pear openssl-blacklist
The following NEW packages will be installed:
apache2-mpm-worker apache2-utils apache2.2-bin apache2.2-common libapache2-mod-fastcgi libapr1
libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap libonig2 libqdbm14 php-apc php5-common php5-curl
php5-fpm ssl-cert
0 upgraded, 16 newly installed, 0 to remove and 0 not upgraded.
Need to get 5,162 kB of archives.
After this operation, 15.9 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.debian.org/debian/ wheezy/main php5-common i386 5.4.4-12 [586 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main libonig2 i386 5.9.1-1 [134 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main libqdbm14 i386 1.8.78-2 [151 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main php5-fpm i386 5.4.4-12 [2,629 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main php5-curl i386 5.4.4-12 [29.4 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main libapr1 i386 1.4.6-3 [100 kB]
Get:7 http://ftp.debian.org/debian/ wheezy/main libaprutil1 i386 1.4.1-3 [91.7 kB]
Get:8 http://ftp.debian.org/debian/ wheezy/main libaprutil1-dbd-sqlite3 i386 1.4.1-3 [18.9 kB]
Get:9 http://ftp.debian.org/debian/ wheezy/main libaprutil1-ldap i386 1.4.1-3 [16.6 kB]
Get:10 http://ftp.debian.org/debian/ wheezy/main apache2.2-bin i386 2.2.22-12 [771 kB]
Get:11 http://ftp.debian.org/debian/ wheezy/main apache2-utils i386 2.2.22-12 [162 kB]
Get:12 http://ftp.debian.org/debian/ wheezy/main apache2.2-common i386 2.2.22-12 [290 kB]
Get:13 http://ftp.debian.org/debian/ wheezy/main apache2-mpm-worker i386 2.2.22-12 [2,246 B]
Get:14 http://ftp.debian.org/debian/ wheezy/non-free libapache2-mod-fastcgi i386 2.4.7~0910052141-1 [70.1 kB]
Get:15 http://ftp.debian.org/debian/ wheezy/main php-apc i386 3.1.13-1 [90.0 kB]
Get:16 http://ftp.debian.org/debian/ wheezy/main ssl-cert all 1.0.32 [19.5 kB]
Fetched 5,162 kB in 5s (1,013 kB/s)
Preconfiguring packages ...
Selecting previously unselected package php5-common.
(Reading database ... 30378 files and directories currently installed.)
Unpacking php5-common (from .../php5-common_5.4.4-12_i386.deb) ...
Selecting previously unselected package libonig2.
Unpacking libonig2 (from .../libonig2_5.9.1-1_i386.deb) ...
Selecting previously unselected package libqdbm14.
Unpacking libqdbm14 (from .../libqdbm14_1.8.78-2_i386.deb) ...
Selecting previously unselected package php5-fpm.
Unpacking php5-fpm (from .../php5-fpm_5.4.4-12_i386.deb) ...
Selecting previously unselected package php5-curl.
Unpacking php5-curl (from .../php5-curl_5.4.4-12_i386.deb) ...
Selecting previously unselected package libapr1.
Unpacking libapr1 (from .../libapr1_1.4.6-3_i386.deb) ...
Selecting previously unselected package libaprutil1.
Unpacking libaprutil1 (from .../libaprutil1_1.4.1-3_i386.deb) ...
Selecting previously unselected package libaprutil1-dbd-sqlite3.
Unpacking libaprutil1-dbd-sqlite3 (from .../libaprutil1-dbd-sqlite3_1.4.1-3_i386.deb) ...
Selecting previously unselected package libaprutil1-ldap.
Unpacking libaprutil1-ldap (from .../libaprutil1-ldap_1.4.1-3_i386.deb) ...
Selecting previously unselected package apache2.2-bin.
Unpacking apache2.2-bin (from .../apache2.2-bin_2.2.22-12_i386.deb) ...
Selecting previously unselected package apache2-utils.
Unpacking apache2-utils (from .../apache2-utils_2.2.22-12_i386.deb) ...
Selecting previously unselected package apache2.2-common.
Unpacking apache2.2-common (from .../apache2.2-common_2.2.22-12_i386.deb) ...
Selecting previously unselected package apache2-mpm-worker.
Unpacking apache2-mpm-worker (from .../apache2-mpm-worker_2.2.22-12_i386.deb) ...
Selecting previously unselected package libapache2-mod-fastcgi.
Unpacking libapache2-mod-fastcgi (from .../libapache2-mod-fastcgi_2.4.7~0910052141-1_i386.deb) ...
Selecting previously unselected package php-apc.
Unpacking php-apc (from .../php-apc_3.1.13-1_i386.deb) ...
Selecting previously unselected package ssl-cert.
Unpacking ssl-cert (from .../ssl-cert_1.0.32_all.deb) ...
Processing triggers for man-db ...
Setting up php5-common (5.4.4-12) ...
Creating config file /etc/php5/mods-available/pdo.ini with new version
Setting up libonig2 (5.9.1-1) ...
Setting up libqdbm14 (1.8.78-2) ...
Setting up php5-fpm (5.4.4-12) ...
Creating config file /etc/php5/fpm/php.ini with new version
Setting up php5-curl (5.4.4-12) ...
Creating config file /etc/php5/mods-available/curl.ini with new version
Setting up libapr1 (1.4.6-3) ...
Setting up libaprutil1 (1.4.1-3) ...
Setting up libaprutil1-dbd-sqlite3 (1.4.1-3) ...
Setting up libaprutil1-ldap (1.4.1-3) ...
Setting up apache2.2-bin (2.2.22-12) ...
Setting up apache2-utils (2.2.22-12) ...
Setting up apache2.2-common (2.2.22-12) ...
Enabling site default.
Enabling module alias.
Enabling module autoindex.
Enabling module dir.
Enabling module env.
Enabling module mime.
Enabling module negotiation.
Enabling module setenvif.
Enabling module status.
Enabling module auth_basic.
Enabling module deflate.
Enabling module authz_default.
Enabling module authz_user.
Enabling module authz_groupfile.
Enabling module authn_file.
Enabling module authz_host.
Enabling module reqtimeout.
Setting up apache2-mpm-worker (2.2.22-12) ...
[ ok ] Starting web server: apache2.
Setting up libapache2-mod-fastcgi (2.4.7~0910052141-1) ...
Enabling module fastcgi.
To activate the new configuration, you need to run:
service apache2 restart
Setting up php-apc (3.1.13-1) ...
Setting up ssl-cert (1.0.32) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
==========
vi /etc/php5/fpm/conf.d/20-apc.ini
-----/etc/php5/fpm/conf.d/20-apc.ini-----
extension=apc.so
apc.enabled=1
apc.stat=0
apc.mmap_file_mask = /tmp/apc-XXXXXX
apc.enable_cli = 0
apc.max_file_size = 2M
apc.stat_ctime = 0
apc.shm_size = 128M
apc.canonicalize=0
----------
vi /etc/apache2/mods-available/fastcgi.conf
-----/etc/apache2/mods-available/fastcgi.conf-----
FastCgiIpcDir /var/lib/apache2/fastcgi
AddHandler php5-fcgi .php
Action php5-fcgi /fcgi-bin
----------
mv /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/default.conf
vi /etc/php5/fpm/pool.d/default.conf
-----/etc/php5/fpm/pool.d/default.conf-----
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[default]
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = www-data
group = www-data
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/www/.sockets/default.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = www-data
;listen.group = www-data
;listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
;pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
----------
apt-get install rssh
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
cvs rdist rsync subversion makejail
The following NEW packages will be installed:
rssh
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 64.8 kB of archives.
After this operation, 180 kB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian/ wheezy/main rssh i386 2.3.3-6 [64.8 kB]
Fetched 64.8 kB in 1s (54.7 kB/s)
Preconfiguring packages ...
Selecting previously unselected package rssh.
(Reading database ... 31051 files and directories currently installed.)
Unpacking rssh (from .../archives/rssh_2.3.3-6_i386.deb) ...
Processing triggers for man-db ...
Setting up rssh (2.3.3-6) ...
==========
vi /etc/rssh.conf
-----/etc/rssh.conf-----
# This is the default rssh config file
# set the log facility. "LOG_USER" and "user" are equivalent.
logfacility = LOG_USER
# Leave these all commented out to make the default action for rssh to lock
# users out completely...
#allowscp
allowsftp
#allowcvs
#allowrdist
#allowrsync
#allowsvnserve
# set the default umask
umask = 022
# If you want to chroot users, use this to set the directory where the root of
# the chroot jail will be located.
#
# if you DO NOT want to chroot users, LEAVE THIS COMMENTED OUT.
# chrootpath = /usr/local/chroot
# You can quote anywhere, but quotes not required unless the path contains a
# space... as in this example.
#chrootpath = "/usr/local/my chroot"
##########################################
# EXAMPLES of configuring per-user options
#user=rudy:077:000100: # the path can simply be left out to not chroot
#user=rudy:077:000100 # the ending colon is optional
#user=rudy:011:001000: # cvs, with no chroot
#user=rudy:011:010000: # rdist, with no chroot
#user=rudy:011:100000: # rsync, with no chroot
#user=rudy:011:000001: # svnserve, with no chroot
#user="rudy:011:000010:/usr/local/chroot" # whole user string can be quoted
#user=rudy:01"1:000010:/usr/local/chroot" # or somewhere in the middle, freak!
#user=rudy:'011:000010:/usr/local/chroot' # single quotes too
# if your chroot_path contains spaces, it must be quoted...
# In the following examples, the chroot_path is "/usr/local/my chroot"
#user=rudy:011:000010:"/usr/local/my chroot" # scp with chroot
#user=rudy:011:000100:"/usr/local/my chroot" # sftp with chroot
#user=rudy:011:000110:"/usr/local/my chroot" # both with chroot
# Spaces before or after the '=' are fine, but spaces in chrootpath need
# quotes.
#user = "rudy:011:000010:/usr/local/my chroot"
#user = "rudy:011:000010:/usr/local/my chroot" # neither do comments at line end
#user="username:770:000100:/home/username"
----------
a2enmod actions ssl
=====Output=====
Enabling module actions.
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
service apache2 restart
==========
restart php5-fpm
service php5-fpm restart
=====Output=====
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
==========
restart apache, not reload
service apache2 restart
=====Output=====
[ ok ] Restarting web server: apache2 ... waiting ..
==========
apt-get install php-pear imagemagick re2c libmagickwand-dev php5-dev make wkhtmltopdf xvfb msttcorefonts
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'ttf-mscorefonts-installer' instead of 'msttcorefonts'
imagemagick is already the newest version.
imagemagick set to manually installed.
The following extra packages will be installed:
autoconf automake autotools-dev binutils cabextract cpp cpp-4.7 gcc gcc-4.7 gir1.2-freedesktop
gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-rsvg-2.0 javascript-common libaudio2 libaudit0 libbz2-dev
libc-dev-bin libc6-dev libcairo-gobject2 libcairo-script-interpreter2 libcairo2-dev libcdt4 libcgraph5
libdjvulibre-dev libelf1 libexif-dev libexif12 libexpat1-dev libfontconfig1-dev libfontenc1
libfreetype6-dev libgdk-pixbuf2.0-dev libgirepository-1.0-1 libglib2.0-bin libglib2.0-dev libgmp10
libgraph4 libgraphviz-dev libgstreamer-plugins-base0.10-0 libgstreamer0.10-0 libgvc5 libgvpr1
libice-dev libilmbase-dev libitm1 libjasper-dev libjbig-dev libjpeg8-dev libjs-jquery liblcms1-dev
liblqr-1-0-dev libltdl-dev libmagickcore-dev libmng1 libmpc2 libmpfr4 libopenexr-dev liborc-0.4-0
libpathplan4 libpcre3-dev libpcrecpp0 libpixman-1-dev libpng12-dev libpthread-stubs0
libpthread-stubs0-dev libqt4-network libqt4-xml libqtcore4 libqtdbus4 libqtgui4 libqtwebkit4
librsvg2-dev libsm-dev libssl-dev libssl-doc libtiff4-dev libtiffxx0c2 libtool libwmf-dev libx11-dev
libx11-doc libxau-dev libxcb-render0-dev libxcb-shm0-dev libxcb1-dev libxdmcp-dev libxdot4 libxext-dev
libxfont1 libxkbfile1 libxml2-dev libxmuu1 libxrender-dev libxt-dev linux-libc-dev manpages-dev
php5-cli pkg-config shtool wwwconfig-common x11-xkb-utils x11proto-core-dev x11proto-input-dev
x11proto-kb-dev x11proto-render-dev x11proto-xext-dev xauth xfonts-base xfonts-encodings xfonts-utils
xorg-sgml-doctools xserver-common xtrans-dev zlib1g-dev
Suggested packages:
autoconf2.13 autoconf-archive gnu-standards autoconf-doc gettext binutils-doc cpp-doc gcc-4.7-locales
gcc-multilib automake1.9 flex bison gdb gcc-doc gcc-4.7-multilib libmudflap0-4.7-dev gcc-4.7-doc
libgcc1-dbg libgomp1-dbg libitm1-dbg libquadmath0-dbg libmudflap0-dbg libcloog-ppl0 libppl-c2 libppl7
binutils-gold nas glibc-doc libcairo2-doc libglib2.0-doc libvisual-0.4-plugins gstreamer-codec-install
gnome-codec-install gstreamer0.10-tools gstreamer0.10-plugins-base libice-doc libtool-doc libicu48
qt4-qtconfig librsvg2-doc libsm-doc automaken gfortran fortran95-compiler gcj libwmf-doc libxcb-doc
libxext-doc libxt-doc make-doc mysql-client postgresql-client xfs xserver
The following NEW packages will be installed:
autoconf automake autotools-dev binutils cabextract cpp cpp-4.7 gcc gcc-4.7 gir1.2-freedesktop
gir1.2-gdkpixbuf-2.0 gir1.2-glib-2.0 gir1.2-rsvg-2.0 javascript-common libaudio2 libaudit0 libbz2-dev
libc-dev-bin libc6-dev libcairo-gobject2 libcairo-script-interpreter2 libcairo2-dev libcdt4 libcgraph5
libdjvulibre-dev libelf1 libexif-dev libexif12 libexpat1-dev libfontconfig1-dev libfontenc1
libfreetype6-dev libgdk-pixbuf2.0-dev libgirepository-1.0-1 libglib2.0-bin libglib2.0-dev libgmp10
libgraph4 libgraphviz-dev libgstreamer-plugins-base0.10-0 libgstreamer0.10-0 libgvc5 libgvpr1
libice-dev libilmbase-dev libitm1 libjasper-dev libjbig-dev libjpeg8-dev libjs-jquery liblcms1-dev
liblqr-1-0-dev libltdl-dev libmagickcore-dev libmagickwand-dev libmng1 libmpc2 libmpfr4 libopenexr-dev
liborc-0.4-0 libpathplan4 libpcre3-dev libpcrecpp0 libpixman-1-dev libpng12-dev libpthread-stubs0
libpthread-stubs0-dev libqt4-network libqt4-xml libqtcore4 libqtdbus4 libqtgui4 libqtwebkit4
librsvg2-dev libsm-dev libssl-dev libssl-doc libtiff4-dev libtiffxx0c2 libtool libwmf-dev libx11-dev
libx11-doc libxau-dev libxcb-render0-dev libxcb-shm0-dev libxcb1-dev libxdmcp-dev libxdot4 libxext-dev
libxfont1 libxkbfile1 libxml2-dev libxmuu1 libxrender-dev libxt-dev linux-libc-dev make manpages-dev
php-pear php5-cli php5-dev pkg-config re2c shtool ttf-mscorefonts-installer wkhtmltopdf
wwwconfig-common x11-xkb-utils x11proto-core-dev x11proto-input-dev x11proto-kb-dev x11proto-render-dev
x11proto-xext-dev xauth xfonts-base xfonts-encodings xfonts-utils xorg-sgml-doctools xserver-common
xtrans-dev xvfb zlib1g-dev
0 upgraded, 123 newly installed, 0 to remove and 0 not upgraded.
Need to get 87.8 MB of archives.
After this operation, 242 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.debian.org/debian/ wheezy/main libaudio2 i386 1.9.3-5 [87.0 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main libcairo-gobject2 i386 1.12.2-2 [437 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main libcairo-script-interpreter2 i386 1.12.2-2 [483 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main libexif12 i386 0.6.20-3 [584 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main libfontenc1 i386 1:1.1.1-1 [24.2 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main libelf1 i386 0.152-1+wheezy1 [301 kB]
Get:7 http://ftp.debian.org/debian/ wheezy/main libglib2.0-bin i386 2.33.12+really2.32.4-3 [866 kB]
Get:8 http://ftp.debian.org/debian/ wheezy/main libgmp10 i386 2:5.0.5+dfsg-2 [263 kB]
Get:9 http://ftp.debian.org/debian/ wheezy/main libgstreamer0.10-0 i386 0.10.36-1 [1,741 kB]
Get:10 http://ftp.debian.org/debian/ wheezy/main liborc-0.4-0 i386 1:0.4.16-2 [189 kB]
Get:11 http://ftp.debian.org/debian/ wheezy/main libgstreamer-plugins-base0.10-0 i386 0.10.36-1 [1,179 kB]
Get:12 http://ftp.debian.org/debian/ wheezy/main libitm1 i386 4.7.2-5 [36.2 kB]
Get:13 http://ftp.debian.org/debian/ wheezy/main libmng1 i386 1.0.10-3 [237 kB]
Get:14 http://ftp.debian.org/debian/ wheezy/main libmpfr4 i386 3.1.0-5 [535 kB]
Get:15 http://ftp.debian.org/debian/ wheezy/main libpcrecpp0 i386 1:8.30-5 [126 kB]
Get:16 http://ftp.debian.org/debian/ wheezy/main libqtcore4 i386 4:4.8.2+dfsg-10 [2,145 kB]
Get:17 http://ftp.debian.org/debian/ wheezy/main libqt4-xml i386 4:4.8.2+dfsg-10 [134 kB]
Get:18 http://ftp.debian.org/debian/ wheezy/main libqtdbus4 i386 4:4.8.2+dfsg-10 [227 kB]
Get:19 http://ftp.debian.org/debian/ wheezy/main libqt4-network i386 4:4.8.2+dfsg-10 [594 kB]
Get:20 http://ftp.debian.org/debian/ wheezy/main libqtgui4 i386 4:4.8.2+dfsg-10 [4,202 kB]
Get:21 http://ftp.debian.org/debian/ wheezy/main libqtwebkit4 i386 2.2.1-5 [5,912 kB]
Get:22 http://ftp.debian.org/debian/ wheezy/main libtiffxx0c2 i386 3.9.6-11 [63.8 kB]
Get:23 http://ftp.debian.org/debian/ wheezy/main libxkbfile1 i386 1:1.0.8-1 [81.7 kB]
Get:24 http://ftp.debian.org/debian/ wheezy/main libxmuu1 i386 2:1.1.1-1 [23.7 kB]
Get:25 http://ftp.debian.org/debian/ wheezy/main libjbig-dev i386 2.0-2 [11.3 kB]
Get:26 http://ftp.debian.org/debian/ wheezy/main libmpc2 i386 0.9-4 [41.3 kB]
Get:27 http://ftp.debian.org/debian/ wheezy/main autoconf all 2.69-1 [589 kB]
Get:28 http://ftp.debian.org/debian/ wheezy/main autotools-dev all 20120608.1 [73.0 kB]
Get:29 http://ftp.debian.org/debian/ wheezy/main automake all 1:1.11.6-1 [607 kB]
Get:30 http://ftp.debian.org/debian/ wheezy/main binutils i386 2.22-7.1 [4,565 kB]
Get:31 http://ftp.debian.org/debian/ wheezy/main cabextract i386 1.4-3 [51.0 kB]
Get:32 http://ftp.debian.org/debian/ wheezy/main cpp-4.7 i386 4.7.2-5 [5,213 kB]
Get:33 http://ftp.debian.org/debian/ wheezy/main cpp i386 4:4.7.2-1 [16.6 kB]
Get:34 http://ftp.debian.org/debian/ wheezy/main gcc-4.7 i386 4.7.2-5 [8,267 kB]
Get:35 http://ftp.debian.org/debian/ wheezy/main gcc i386 4:4.7.2-1 [5,062 B]
Get:36 http://ftp.debian.org/debian/ wheezy/main libgirepository-1.0-1 i386 1.32.1-1 [109 kB]
Get:37 http://ftp.debian.org/debian/ wheezy/main gir1.2-glib-2.0 i386 1.32.1-1 [170 kB]
Get:38 http://ftp.debian.org/debian/ wheezy/main gir1.2-freedesktop i386 1.32.1-1 [19.9 kB]
Get:39 http://ftp.debian.org/debian/ wheezy/main gir1.2-gdkpixbuf-2.0 i386 2.26.1-1 [14.9 kB]
Get:40 http://ftp.debian.org/debian/ wheezy/main gir1.2-rsvg-2.0 i386 2.36.1-1 [160 kB]
Get:41 http://ftp.debian.org/debian/ wheezy/main wwwconfig-common all 0.2.2 [22.8 kB]
Get:42 http://ftp.debian.org/debian/ wheezy/main javascript-common all 7 [3,810 B]
Get:43 http://ftp.debian.org/debian/ wheezy/main libaudit0 i386 1:1.7.18-1.1 [68.0 kB]
Get:44 http://ftp.debian.org/debian/ wheezy/main libc-dev-bin i386 2.13-37 [218 kB]
Get:45 http://ftp.debian.org/debian/ wheezy/main linux-libc-dev i386 3.2.35-2 [797 kB]
Get:46 http://ftp.debian.org/debian/ wheezy/main libc6-dev i386 2.13-37 [4,937 kB]
Get:47 http://ftp.debian.org/debian/ wheezy/main libbz2-dev i386 1.0.6-4 [31.6 kB]
Get:48 http://ftp.debian.org/debian/ wheezy/main libexpat1-dev i386 2.1.0-1 [218 kB]
Get:49 http://ftp.debian.org/debian/ wheezy/main zlib1g-dev i386 1:1.2.7.dfsg-13 [212 kB]
Get:50 http://ftp.debian.org/debian/ wheezy/main libfreetype6-dev i386 2.4.9-1.1 [788 kB]
Get:51 http://ftp.debian.org/debian/ wheezy/main pkg-config i386 0.26-1 [58.7 kB]
Get:52 http://ftp.debian.org/debian/ wheezy/main libfontconfig1-dev i386 2.9.0-7.1 [851 kB]
Get:53 http://ftp.debian.org/debian/ wheezy/main xorg-sgml-doctools all 1:1.10-1 [24.1 kB]
Get:54 http://ftp.debian.org/debian/ wheezy/main x11proto-core-dev all 7.0.23-1 [774 kB]
Get:55 http://ftp.debian.org/debian/ wheezy/main libxau-dev i386 1:1.0.7-1 [22.3 kB]
Get:56 http://ftp.debian.org/debian/ wheezy/main libxdmcp-dev i386 1:1.1.1-1 [42.1 kB]
Get:57 http://ftp.debian.org/debian/ wheezy/main x11proto-input-dev all 2.2-1 [172 kB]
Get:58 http://ftp.debian.org/debian/ wheezy/main x11proto-kb-dev all 1.0.6-2 [269 kB]
Get:59 http://ftp.debian.org/debian/ wheezy/main xtrans-dev all 1.2.7-1 [112 kB]
Get:60 http://ftp.debian.org/debian/ wheezy/main libpthread-stubs0 i386 0.3-3 [3,228 B]
Get:61 http://ftp.debian.org/debian/ wheezy/main libpthread-stubs0-dev i386 0.3-3 [3,992 B]
Get:62 http://ftp.debian.org/debian/ wheezy/main libxcb1-dev i386 1.8.1-2 [86.3 kB]
Get:63 http://ftp.debian.org/debian/ wheezy/main libx11-dev i386 2:1.5.0-1 [1,021 kB]
Get:64 http://ftp.debian.org/debian/ wheezy/main x11proto-render-dev all 2:0.11.1-2 [20.8 kB]
Get:65 http://ftp.debian.org/debian/ wheezy/main libxrender-dev i386 1:0.9.7-1 [40.1 kB]
Get:66 http://ftp.debian.org/debian/ wheezy/main libpng12-dev i386 1.2.49-1 [267 kB]
Get:67 http://ftp.debian.org/debian/ wheezy/main libice-dev i386 2:1.0.8-2 [70.4 kB]
Get:68 http://ftp.debian.org/debian/ wheezy/main libsm-dev i386 2:1.2.1-2 [36.8 kB]
Get:69 http://ftp.debian.org/debian/ wheezy/main libpixman-1-dev i386 0.26.0-3 [471 kB]
Get:70 http://ftp.debian.org/debian/ wheezy/main libxcb-render0-dev i386 1.8.1-2 [26.1 kB]
Get:71 http://ftp.debian.org/debian/ wheezy/main libxcb-shm0-dev i386 1.8.1-2 [11.6 kB]
Get:72 http://ftp.debian.org/debian/ wheezy/main libpcre3-dev i386 1:8.30-5 [345 kB]
Get:73 http://ftp.debian.org/debian/ wheezy/main libglib2.0-dev i386 2.33.12+really2.32.4-3 [2,024 kB]
Get:74 http://ftp.debian.org/debian/ wheezy/main libcairo2-dev i386 1.12.2-2 [1,140 kB]
Get:75 http://ftp.debian.org/debian/ wheezy/main libcdt4 i386 2.26.3-12 [60.4 kB]
Get:76 http://ftp.debian.org/debian/ wheezy/main libcgraph5 i386 2.26.3-12 [89.1 kB]
Get:77 http://ftp.debian.org/debian/ wheezy/main libjpeg8-dev i386 8d-1 [232 kB]
Get:78 http://ftp.debian.org/debian/ wheezy/main libdjvulibre-dev i386 3.5.25.3-1 [1,770 kB]
Get:79 http://ftp.debian.org/debian/ wheezy/main libjs-jquery all 1.7.2+dfsg-1 [80.1 kB]
Get:80 http://ftp.debian.org/debian/ wheezy/main libexif-dev i386 0.6.20-3 [431 kB]
Get:81 http://ftp.debian.org/debian/ wheezy/main libgdk-pixbuf2.0-dev i386 2.26.1-1 [57.2 kB]
Get:82 http://ftp.debian.org/debian/ wheezy/main libgraph4 i386 2.26.3-12 [74.1 kB]
Get:83 http://ftp.debian.org/debian/ wheezy/main libpathplan4 i386 2.26.3-12 [65.3 kB]
Get:84 http://ftp.debian.org/debian/ wheezy/main libxdot4 i386 2.26.3-12 [54.5 kB]
Get:85 http://ftp.debian.org/debian/ wheezy/main libgvc5 i386 2.26.3-12 [550 kB]
Get:86 http://ftp.debian.org/debian/ wheezy/main libgvpr1 i386 2.26.3-12 [242 kB]
Get:87 http://ftp.debian.org/debian/ wheezy/main libgraphviz-dev i386 2.26.3-12 [104 kB]
Get:88 http://ftp.debian.org/debian/ wheezy/main libilmbase-dev i386 1.0.1-4 [195 kB]
Get:89 http://ftp.debian.org/debian/ wheezy/main libjasper-dev i386 1.900.1-13 [565 kB]
Get:90 http://ftp.debian.org/debian/ wheezy/main liblcms1-dev i386 1.19.dfsg-1.2 [192 kB]
Get:91 http://ftp.debian.org/debian/ wheezy/main liblqr-1-0-dev i386 0.4.1-2 [168 kB]
Get:92 http://ftp.debian.org/debian/ wheezy/main libltdl-dev i386 2.4.2-1.1 [203 kB]
Get:93 http://ftp.debian.org/debian/ wheezy/main libopenexr-dev i386 1.6.1-6 [375 kB]
Get:94 http://ftp.debian.org/debian/ wheezy/main librsvg2-dev i386 2.36.1-1 [279 kB]
Get:95 http://ftp.debian.org/debian/ wheezy/main libtiff4-dev i386 3.9.6-11 [339 kB]
Get:96 http://ftp.debian.org/debian/ wheezy/main libwmf-dev i386 0.2.8.4-10.2 [224 kB]
Get:97 http://ftp.debian.org/debian/ wheezy/main x11proto-xext-dev all 7.2.1-1 [273 kB]
Get:98 http://ftp.debian.org/debian/ wheezy/main libxext-dev i386 2:1.3.1-2 [112 kB]
Get:99 http://ftp.debian.org/debian/ wheezy/main libxml2-dev i386 2.8.0+dfsg1-7 [892 kB]
Get:100 http://ftp.debian.org/debian/ wheezy/main libxt-dev i386 1:1.1.3-1 [497 kB]
Get:101 http://ftp.debian.org/debian/ wheezy/main libmagickcore-dev i386 8:6.7.7.10-5 [1,322 kB]
Get:102 http://ftp.debian.org/debian/ wheezy/main libmagickwand-dev i386 8:6.7.7.10-5 [503 kB]
Get:103 http://ftp.debian.org/debian/ wheezy/main libssl-dev i386 1.0.1c-4 [1,588 kB]
Get:104 http://ftp.debian.org/debian/ wheezy/main libssl-doc all 1.0.1c-4 [1,200 kB]
Get:105 http://ftp.debian.org/debian/ wheezy/main libtool i386 2.4.2-1.1 [621 kB]
Get:106 http://ftp.debian.org/debian/ wheezy/main libx11-doc all 2:1.5.0-1 [3,197 kB]
Get:107 http://ftp.debian.org/debian/ wheezy/main libxfont1 i386 1:1.4.5-2 [161 kB]
Get:108 http://ftp.debian.org/debian/ wheezy/main make i386 3.81-8.2 [398 kB]
Get:109 http://ftp.debian.org/debian/ wheezy/main manpages-dev all 3.44-1 [1,737 kB]
Get:110 http://ftp.debian.org/debian/ wheezy/main php5-cli i386 5.4.4-12 [2,598 kB]
Get:111 http://ftp.debian.org/debian/ wheezy/main php-pear all 5.4.4-12 [367 kB]
Get:112 http://ftp.debian.org/debian/ wheezy/main shtool all 2.0.8-6 [159 kB]
Get:113 http://ftp.debian.org/debian/ wheezy/main php5-dev i386 5.4.4-12 [498 kB]
Get:114 http://ftp.debian.org/debian/ wheezy/main re2c i386 0.13.5-1 [215 kB]
Get:115 http://ftp.debian.org/debian/ wheezy/main xfonts-encodings all 1:1.0.4-1 [584 kB]
Get:116 http://ftp.debian.org/debian/ wheezy/main xfonts-utils i386 1:7.7~1 [95.1 kB]
Get:117 http://ftp.debian.org/debian/ wheezy/contrib ttf-mscorefonts-installer all 3.4+nmu1 [33.3 kB]
Get:118 http://ftp.debian.org/debian/ wheezy/main x11-xkb-utils i386 7.7~1 [191 kB]
Get:119 http://ftp.debian.org/debian/ wheezy/main xauth i386 1:1.0.7-1 [36.3 kB]
Get:120 http://ftp.debian.org/debian/ wheezy/main xfonts-base all 1:1.0.3 [6,181 kB]
Get:121 http://ftp.debian.org/debian/ wheezy/main xserver-common all 2:1.12.4-4 [1,396 kB]
Get:122 http://ftp.debian.org/debian/ wheezy/main xvfb i386 2:1.12.4-4 [931 kB]
Get:123 http://ftp.debian.org/debian/ wheezy/main wkhtmltopdf i386 0.9.9-4 [104 kB]
Fetched 87.8 MB in 32s (2,677 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
Selecting previously unselected package libaudio2:i386.
(Reading database ... 31072 files and directories currently installed.)
Unpacking libaudio2:i386 (from .../libaudio2_1.9.3-5_i386.deb) ...
Selecting previously unselected package libcairo-gobject2:i386.
Unpacking libcairo-gobject2:i386 (from .../libcairo-gobject2_1.12.2-2_i386.deb) ...
Selecting previously unselected package libcairo-script-interpreter2:i386.
Unpacking libcairo-script-interpreter2:i386 (from .../libcairo-script-interpreter2_1.12.2-2_i386.deb) ...
Selecting previously unselected package libexif12:i386.
Unpacking libexif12:i386 (from .../libexif12_0.6.20-3_i386.deb) ...
Selecting previously unselected package libfontenc1:i386.
Unpacking libfontenc1:i386 (from .../libfontenc1_1%3a1.1.1-1_i386.deb) ...
Selecting previously unselected package libelf1.
Unpacking libelf1 (from .../libelf1_0.152-1+wheezy1_i386.deb) ...
Selecting previously unselected package libglib2.0-bin.
Unpacking libglib2.0-bin (from .../libglib2.0-bin_2.33.12+really2.32.4-3_i386.deb) ...
Selecting previously unselected package libgmp10:i386.
Unpacking libgmp10:i386 (from .../libgmp10_2%3a5.0.5+dfsg-2_i386.deb) ...
Selecting previously unselected package libgstreamer0.10-0:i386.
Unpacking libgstreamer0.10-0:i386 (from .../libgstreamer0.10-0_0.10.36-1_i386.deb) ...
Selecting previously unselected package liborc-0.4-0:i386.
Unpacking liborc-0.4-0:i386 (from .../liborc-0.4-0_1%3a0.4.16-2_i386.deb) ...
Selecting previously unselected package libgstreamer-plugins-base0.10-0:i386.
Unpacking libgstreamer-plugins-base0.10-0:i386 (from .../libgstreamer-plugins-base0.10-0_0.10.36-1_i386.deb) ...
Selecting previously unselected package libitm1:i386.
Unpacking libitm1:i386 (from .../libitm1_4.7.2-5_i386.deb) ...
Selecting previously unselected package libmng1:i386.
Unpacking libmng1:i386 (from .../libmng1_1.0.10-3_i386.deb) ...
Selecting previously unselected package libmpfr4:i386.
Unpacking libmpfr4:i386 (from .../libmpfr4_3.1.0-5_i386.deb) ...
Selecting previously unselected package libpcrecpp0:i386.
Unpacking libpcrecpp0:i386 (from .../libpcrecpp0_1%3a8.30-5_i386.deb) ...
Selecting previously unselected package libqtcore4:i386.
Unpacking libqtcore4:i386 (from .../libqtcore4_4%3a4.8.2+dfsg-10_i386.deb) ...
Selecting previously unselected package libqt4-xml:i386.
Unpacking libqt4-xml:i386 (from .../libqt4-xml_4%3a4.8.2+dfsg-10_i386.deb) ...
Selecting previously unselected package libqtdbus4:i386.
Unpacking libqtdbus4:i386 (from .../libqtdbus4_4%3a4.8.2+dfsg-10_i386.deb) ...
Selecting previously unselected package libqt4-network:i386.
Unpacking libqt4-network:i386 (from .../libqt4-network_4%3a4.8.2+dfsg-10_i386.deb) ...
Selecting previously unselected package libqtgui4:i386.
Unpacking libqtgui4:i386 (from .../libqtgui4_4%3a4.8.2+dfsg-10_i386.deb) ...
Selecting previously unselected package libqtwebkit4:i386.
Unpacking libqtwebkit4:i386 (from .../libqtwebkit4_2.2.1-5_i386.deb) ...
Selecting previously unselected package libtiffxx0c2:i386.
Unpacking libtiffxx0c2:i386 (from .../libtiffxx0c2_3.9.6-11_i386.deb) ...
Selecting previously unselected package libxkbfile1:i386.
Unpacking libxkbfile1:i386 (from .../libxkbfile1_1%3a1.0.8-1_i386.deb) ...
Selecting previously unselected package libxmuu1:i386.
Unpacking libxmuu1:i386 (from .../libxmuu1_2%3a1.1.1-1_i386.deb) ...
Selecting previously unselected package libjbig-dev:i386.
Unpacking libjbig-dev:i386 (from .../libjbig-dev_2.0-2_i386.deb) ...
Selecting previously unselected package libmpc2:i386.
Unpacking libmpc2:i386 (from .../libmpc2_0.9-4_i386.deb) ...
Selecting previously unselected package autoconf.
Unpacking autoconf (from .../autoconf_2.69-1_all.deb) ...
Selecting previously unselected package autotools-dev.
Unpacking autotools-dev (from .../autotools-dev_20120608.1_all.deb) ...
Selecting previously unselected package automake.
Unpacking automake (from .../automake_1%3a1.11.6-1_all.deb) ...
Selecting previously unselected package binutils.
Unpacking binutils (from .../binutils_2.22-7.1_i386.deb) ...
Selecting previously unselected package cabextract.
Unpacking cabextract (from .../cabextract_1.4-3_i386.deb) ...
Selecting previously unselected package cpp-4.7.
Unpacking cpp-4.7 (from .../cpp-4.7_4.7.2-5_i386.deb) ...
Selecting previously unselected package cpp.
Unpacking cpp (from .../cpp_4%3a4.7.2-1_i386.deb) ...
Selecting previously unselected package gcc-4.7.
Unpacking gcc-4.7 (from .../gcc-4.7_4.7.2-5_i386.deb) ...
Selecting previously unselected package gcc.
Unpacking gcc (from .../gcc_4%3a4.7.2-1_i386.deb) ...
Selecting previously unselected package libgirepository-1.0-1.
Unpacking libgirepository-1.0-1 (from .../libgirepository-1.0-1_1.32.1-1_i386.deb) ...
Selecting previously unselected package gir1.2-glib-2.0.
Unpacking gir1.2-glib-2.0 (from .../gir1.2-glib-2.0_1.32.1-1_i386.deb) ...
Selecting previously unselected package gir1.2-freedesktop.
Unpacking gir1.2-freedesktop (from .../gir1.2-freedesktop_1.32.1-1_i386.deb) ...
Selecting previously unselected package gir1.2-gdkpixbuf-2.0.
Unpacking gir1.2-gdkpixbuf-2.0 (from .../gir1.2-gdkpixbuf-2.0_2.26.1-1_i386.deb) ...
Selecting previously unselected package gir1.2-rsvg-2.0.
Unpacking gir1.2-rsvg-2.0 (from .../gir1.2-rsvg-2.0_2.36.1-1_i386.deb) ...
Selecting previously unselected package wwwconfig-common.
Unpacking wwwconfig-common (from .../wwwconfig-common_0.2.2_all.deb) ...
Selecting previously unselected package javascript-common.
Unpacking javascript-common (from .../javascript-common_7_all.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1%3a1.7.18-1.1_i386.deb) ...
Selecting previously unselected package libc-dev-bin.
Unpacking libc-dev-bin (from .../libc-dev-bin_2.13-37_i386.deb) ...
Selecting previously unselected package linux-libc-dev:i386.
Unpacking linux-libc-dev:i386 (from .../linux-libc-dev_3.2.35-2_i386.deb) ...
Selecting previously unselected package libc6-dev:i386.
Unpacking libc6-dev:i386 (from .../libc6-dev_2.13-37_i386.deb) ...
Selecting previously unselected package libbz2-dev:i386.
Unpacking libbz2-dev:i386 (from .../libbz2-dev_1.0.6-4_i386.deb) ...
Selecting previously unselected package libexpat1-dev.
Unpacking libexpat1-dev (from .../libexpat1-dev_2.1.0-1_i386.deb) ...
Selecting previously unselected package zlib1g-dev:i386.
Unpacking zlib1g-dev:i386 (from .../zlib1g-dev_1%3a1.2.7.dfsg-13_i386.deb) ...
Selecting previously unselected package libfreetype6-dev.
Unpacking libfreetype6-dev (from .../libfreetype6-dev_2.4.9-1.1_i386.deb) ...
Selecting previously unselected package pkg-config.
Unpacking pkg-config (from .../pkg-config_0.26-1_i386.deb) ...
Selecting previously unselected package libfontconfig1-dev.
Unpacking libfontconfig1-dev (from .../libfontconfig1-dev_2.9.0-7.1_i386.deb) ...
Selecting previously unselected package xorg-sgml-doctools.
Unpacking xorg-sgml-doctools (from .../xorg-sgml-doctools_1%3a1.10-1_all.deb) ...
Selecting previously unselected package x11proto-core-dev.
Unpacking x11proto-core-dev (from .../x11proto-core-dev_7.0.23-1_all.deb) ...
Selecting previously unselected package libxau-dev:i386.
Unpacking libxau-dev:i386 (from .../libxau-dev_1%3a1.0.7-1_i386.deb) ...
Selecting previously unselected package libxdmcp-dev:i386.
Unpacking libxdmcp-dev:i386 (from .../libxdmcp-dev_1%3a1.1.1-1_i386.deb) ...
Selecting previously unselected package x11proto-input-dev.
Unpacking x11proto-input-dev (from .../x11proto-input-dev_2.2-1_all.deb) ...
Selecting previously unselected package x11proto-kb-dev.
Unpacking x11proto-kb-dev (from .../x11proto-kb-dev_1.0.6-2_all.deb) ...
Selecting previously unselected package xtrans-dev.
Unpacking xtrans-dev (from .../xtrans-dev_1.2.7-1_all.deb) ...
Selecting previously unselected package libpthread-stubs0:i386.
Unpacking libpthread-stubs0:i386 (from .../libpthread-stubs0_0.3-3_i386.deb) ...
Selecting previously unselected package libpthread-stubs0-dev:i386.
Unpacking libpthread-stubs0-dev:i386 (from .../libpthread-stubs0-dev_0.3-3_i386.deb) ...
Selecting previously unselected package libxcb1-dev:i386.
Unpacking libxcb1-dev:i386 (from .../libxcb1-dev_1.8.1-2_i386.deb) ...
Selecting previously unselected package libx11-dev:i386.
Unpacking libx11-dev:i386 (from .../libx11-dev_2%3a1.5.0-1_i386.deb) ...
Selecting previously unselected package x11proto-render-dev.
Unpacking x11proto-render-dev (from .../x11proto-render-dev_2%3a0.11.1-2_all.deb) ...
Selecting previously unselected package libxrender-dev:i386.
Unpacking libxrender-dev:i386 (from .../libxrender-dev_1%3a0.9.7-1_i386.deb) ...
Selecting previously unselected package libpng12-dev.
Unpacking libpng12-dev (from .../libpng12-dev_1.2.49-1_i386.deb) ...
Selecting previously unselected package libice-dev:i386.
Unpacking libice-dev:i386 (from .../libice-dev_2%3a1.0.8-2_i386.deb) ...
Selecting previously unselected package libsm-dev:i386.
Unpacking libsm-dev:i386 (from .../libsm-dev_2%3a1.2.1-2_i386.deb) ...
Selecting previously unselected package libpixman-1-dev.
Unpacking libpixman-1-dev (from .../libpixman-1-dev_0.26.0-3_i386.deb) ...
Selecting previously unselected package libxcb-render0-dev:i386.
Unpacking libxcb-render0-dev:i386 (from .../libxcb-render0-dev_1.8.1-2_i386.deb) ...
Selecting previously unselected package libxcb-shm0-dev:i386.
Unpacking libxcb-shm0-dev:i386 (from .../libxcb-shm0-dev_1.8.1-2_i386.deb) ...
Selecting previously unselected package libpcre3-dev.
Unpacking libpcre3-dev (from .../libpcre3-dev_1%3a8.30-5_i386.deb) ...
Selecting previously unselected package libglib2.0-dev.
Unpacking libglib2.0-dev (from .../libglib2.0-dev_2.33.12+really2.32.4-3_i386.deb) ...
Selecting previously unselected package libcairo2-dev.
Unpacking libcairo2-dev (from .../libcairo2-dev_1.12.2-2_i386.deb) ...
Selecting previously unselected package libcdt4.
Unpacking libcdt4 (from .../libcdt4_2.26.3-12_i386.deb) ...
Selecting previously unselected package libcgraph5.
Unpacking libcgraph5 (from .../libcgraph5_2.26.3-12_i386.deb) ...
Selecting previously unselected package libjpeg8-dev:i386.
Unpacking libjpeg8-dev:i386 (from .../libjpeg8-dev_8d-1_i386.deb) ...
Selecting previously unselected package libdjvulibre-dev.
Unpacking libdjvulibre-dev (from .../libdjvulibre-dev_3.5.25.3-1_i386.deb) ...
Selecting previously unselected package libjs-jquery.
Unpacking libjs-jquery (from .../libjs-jquery_1.7.2+dfsg-1_all.deb) ...
Selecting previously unselected package libexif-dev.
Unpacking libexif-dev (from .../libexif-dev_0.6.20-3_i386.deb) ...
Selecting previously unselected package libgdk-pixbuf2.0-dev.
Unpacking libgdk-pixbuf2.0-dev (from .../libgdk-pixbuf2.0-dev_2.26.1-1_i386.deb) ...
Selecting previously unselected package libgraph4.
Unpacking libgraph4 (from .../libgraph4_2.26.3-12_i386.deb) ...
Selecting previously unselected package libpathplan4.
Unpacking libpathplan4 (from .../libpathplan4_2.26.3-12_i386.deb) ...
Selecting previously unselected package libxdot4.
Unpacking libxdot4 (from .../libxdot4_2.26.3-12_i386.deb) ...
Selecting previously unselected package libgvc5.
Unpacking libgvc5 (from .../libgvc5_2.26.3-12_i386.deb) ...
Selecting previously unselected package libgvpr1.
Unpacking libgvpr1 (from .../libgvpr1_2.26.3-12_i386.deb) ...
Selecting previously unselected package libgraphviz-dev.
Unpacking libgraphviz-dev (from .../libgraphviz-dev_2.26.3-12_i386.deb) ...
Selecting previously unselected package libilmbase-dev.
Unpacking libilmbase-dev (from .../libilmbase-dev_1.0.1-4_i386.deb) ...
Selecting previously unselected package libjasper-dev.
Unpacking libjasper-dev (from .../libjasper-dev_1.900.1-13_i386.deb) ...
Selecting previously unselected package liblcms1-dev:i386.
Unpacking liblcms1-dev:i386 (from .../liblcms1-dev_1.19.dfsg-1.2_i386.deb) ...
Selecting previously unselected package liblqr-1-0-dev.
Unpacking liblqr-1-0-dev (from .../liblqr-1-0-dev_0.4.1-2_i386.deb) ...
Selecting previously unselected package libltdl-dev:i386.
Unpacking libltdl-dev:i386 (from .../libltdl-dev_2.4.2-1.1_i386.deb) ...
Selecting previously unselected package libopenexr-dev.
Unpacking libopenexr-dev (from .../libopenexr-dev_1.6.1-6_i386.deb) ...
Selecting previously unselected package librsvg2-dev.
Unpacking librsvg2-dev (from .../librsvg2-dev_2.36.1-1_i386.deb) ...
Selecting previously unselected package libtiff4-dev.
Unpacking libtiff4-dev (from .../libtiff4-dev_3.9.6-11_i386.deb) ...
Selecting previously unselected package libwmf-dev.
Unpacking libwmf-dev (from .../libwmf-dev_0.2.8.4-10.2_i386.deb) ...
Selecting previously unselected package x11proto-xext-dev.
Unpacking x11proto-xext-dev (from .../x11proto-xext-dev_7.2.1-1_all.deb) ...
Selecting previously unselected package libxext-dev:i386.
Unpacking libxext-dev:i386 (from .../libxext-dev_2%3a1.3.1-2_i386.deb) ...
Selecting previously unselected package libxml2-dev:i386.
Unpacking libxml2-dev:i386 (from .../libxml2-dev_2.8.0+dfsg1-7_i386.deb) ...
Selecting previously unselected package libxt-dev:i386.
Unpacking libxt-dev:i386 (from .../libxt-dev_1%3a1.1.3-1_i386.deb) ...
Selecting previously unselected package libmagickcore-dev.
Unpacking libmagickcore-dev (from .../libmagickcore-dev_8%3a6.7.7.10-5_i386.deb) ...
Selecting previously unselected package libmagickwand-dev.
Unpacking libmagickwand-dev (from .../libmagickwand-dev_8%3a6.7.7.10-5_i386.deb) ...
Selecting previously unselected package libssl-dev.
Unpacking libssl-dev (from .../libssl-dev_1.0.1c-4_i386.deb) ...
Selecting previously unselected package libssl-doc.
Unpacking libssl-doc (from .../libssl-doc_1.0.1c-4_all.deb) ...
Selecting previously unselected package libtool.
Unpacking libtool (from .../libtool_2.4.2-1.1_i386.deb) ...
Selecting previously unselected package libx11-doc.
Unpacking libx11-doc (from .../libx11-doc_2%3a1.5.0-1_all.deb) ...
Selecting previously unselected package libxfont1.
Unpacking libxfont1 (from .../libxfont1_1%3a1.4.5-2_i386.deb) ...
Selecting previously unselected package make.
Unpacking make (from .../make_3.81-8.2_i386.deb) ...
Selecting previously unselected package manpages-dev.
Unpacking manpages-dev (from .../manpages-dev_3.44-1_all.deb) ...
Selecting previously unselected package php5-cli.
Unpacking php5-cli (from .../php5-cli_5.4.4-12_i386.deb) ...
Selecting previously unselected package php-pear.
Unpacking php-pear (from .../php-pear_5.4.4-12_all.deb) ...
Selecting previously unselected package shtool.
Unpacking shtool (from .../shtool_2.0.8-6_all.deb) ...
Selecting previously unselected package php5-dev.
Unpacking php5-dev (from .../php5-dev_5.4.4-12_i386.deb) ...
Selecting previously unselected package re2c.
Unpacking re2c (from .../re2c_0.13.5-1_i386.deb) ...
Selecting previously unselected package xfonts-encodings.
Unpacking xfonts-encodings (from .../xfonts-encodings_1%3a1.0.4-1_all.deb) ...
Selecting previously unselected package xfonts-utils.
Unpacking xfonts-utils (from .../xfonts-utils_1%3a7.7~1_i386.deb) ...
Selecting previously unselected package ttf-mscorefonts-installer.
Unpacking ttf-mscorefonts-installer (from .../ttf-mscorefonts-installer_3.4+nmu1_all.deb) ...
Selecting previously unselected package x11-xkb-utils.
Unpacking x11-xkb-utils (from .../x11-xkb-utils_7.7~1_i386.deb) ...
Selecting previously unselected package xauth.
Unpacking xauth (from .../xauth_1%3a1.0.7-1_i386.deb) ...
Selecting previously unselected package xfonts-base.
Unpacking xfonts-base (from .../xfonts-base_1%3a1.0.3_all.deb) ...
Selecting previously unselected package xserver-common.
Unpacking xserver-common (from .../xserver-common_2%3a1.12.4-4_all.deb) ...
Selecting previously unselected package xvfb.
Unpacking xvfb (from .../xvfb_2%3a1.12.4-4_i386.deb) ...
Selecting previously unselected package wkhtmltopdf.
Unpacking wkhtmltopdf (from .../wkhtmltopdf_0.9.9-4_i386.deb) ...
Processing triggers for man-db ...
Processing triggers for install-info ...
Processing triggers for libglib2.0-0:i386 ...
No schema files found: doing nothing.
Processing triggers for fontconfig ...
Setting up libaudio2:i386 (1.9.3-5) ...
Setting up libcairo-gobject2:i386 (1.12.2-2) ...
Setting up libcairo-script-interpreter2:i386 (1.12.2-2) ...
Setting up libexif12:i386 (0.6.20-3) ...
Setting up libfontenc1:i386 (1:1.1.1-1) ...
Setting up libelf1 (0.152-1+wheezy1) ...
Setting up libglib2.0-bin (2.33.12+really2.32.4-3) ...
Setting up libgmp10:i386 (2:5.0.5+dfsg-2) ...
Setting up libgstreamer0.10-0:i386 (0.10.36-1) ...
Setting up liborc-0.4-0:i386 (1:0.4.16-2) ...
Setting up libgstreamer-plugins-base0.10-0:i386 (0.10.36-1) ...
Setting up libitm1:i386 (4.7.2-5) ...
Setting up libmng1:i386 (1.0.10-3) ...
Setting up libmpfr4:i386 (3.1.0-5) ...
Setting up libpcrecpp0:i386 (1:8.30-5) ...
Setting up libqtcore4:i386 (4:4.8.2+dfsg-10) ...
Setting up libqt4-xml:i386 (4:4.8.2+dfsg-10) ...
Setting up libqtdbus4:i386 (4:4.8.2+dfsg-10) ...
Setting up libqt4-network:i386 (4:4.8.2+dfsg-10) ...
Setting up libqtgui4:i386 (4:4.8.2+dfsg-10) ...
Setting up libqtwebkit4:i386 (2.2.1-5) ...
Setting up libtiffxx0c2:i386 (3.9.6-11) ...
Setting up libxkbfile1:i386 (1:1.0.8-1) ...
Setting up libxmuu1:i386 (2:1.1.1-1) ...
Setting up libjbig-dev:i386 (2.0-2) ...
Setting up libmpc2:i386 (0.9-4) ...
Setting up autoconf (2.69-1) ...
Setting up autotools-dev (20120608.1) ...
Setting up automake (1:1.11.6-1) ...
update-alternatives: using /usr/bin/automake-1.11 to provide /usr/bin/automake (automake) in auto mode
Setting up binutils (2.22-7.1) ...
Setting up cabextract (1.4-3) ...
Setting up cpp-4.7 (4.7.2-5) ...
Setting up cpp (4:4.7.2-1) ...
Setting up gcc-4.7 (4.7.2-5) ...
Setting up gcc (4:4.7.2-1) ...
Setting up libgirepository-1.0-1 (1.32.1-1) ...
Setting up gir1.2-glib-2.0 (1.32.1-1) ...
Setting up gir1.2-freedesktop (1.32.1-1) ...
Setting up gir1.2-gdkpixbuf-2.0 (2.26.1-1) ...
Setting up gir1.2-rsvg-2.0 (2.36.1-1) ...
Setting up wwwconfig-common (0.2.2) ...
Setting up javascript-common (7) ...
Setting up libaudit0 (1:1.7.18-1.1) ...
Setting up libc-dev-bin (2.13-37) ...
Setting up linux-libc-dev:i386 (3.2.35-2) ...
Setting up libc6-dev:i386 (2.13-37) ...
Setting up libbz2-dev:i386 (1.0.6-4) ...
Setting up libexpat1-dev (2.1.0-1) ...
Setting up zlib1g-dev:i386 (1:1.2.7.dfsg-13) ...
Setting up libfreetype6-dev (2.4.9-1.1) ...
Setting up pkg-config (0.26-1) ...
Setting up libfontconfig1-dev (2.9.0-7.1) ...
Setting up xorg-sgml-doctools (1:1.10-1) ...
Setting up x11proto-core-dev (7.0.23-1) ...
Setting up libxau-dev:i386 (1:1.0.7-1) ...
Setting up libxdmcp-dev:i386 (1:1.1.1-1) ...
Setting up x11proto-input-dev (2.2-1) ...
Setting up x11proto-kb-dev (1.0.6-2) ...
Setting up xtrans-dev (1.2.7-1) ...
Setting up libpthread-stubs0:i386 (0.3-3) ...
Setting up libpthread-stubs0-dev:i386 (0.3-3) ...
Setting up libxcb1-dev:i386 (1.8.1-2) ...
Setting up libx11-dev:i386 (2:1.5.0-1) ...
Setting up x11proto-render-dev (2:0.11.1-2) ...
Setting up libxrender-dev:i386 (1:0.9.7-1) ...
Setting up libpng12-dev (1.2.49-1) ...
Setting up libice-dev:i386 (2:1.0.8-2) ...
Setting up libsm-dev:i386 (2:1.2.1-2) ...
Setting up libpixman-1-dev (0.26.0-3) ...
Setting up libxcb-render0-dev:i386 (1.8.1-2) ...
Setting up libxcb-shm0-dev:i386 (1.8.1-2) ...
Setting up libpcre3-dev (1:8.30-5) ...
Setting up libglib2.0-dev (2.33.12+really2.32.4-3) ...
Setting up libcairo2-dev (1.12.2-2) ...
Setting up libcdt4 (2.26.3-12) ...
Setting up libcgraph5 (2.26.3-12) ...
Setting up libjpeg8-dev:i386 (8d-1) ...
Setting up libdjvulibre-dev (3.5.25.3-1) ...
Setting up libjs-jquery (1.7.2+dfsg-1) ...
Setting up libexif-dev (0.6.20-3) ...
Setting up libgdk-pixbuf2.0-dev (2.26.1-1) ...
Setting up libgraph4 (2.26.3-12) ...
Setting up libpathplan4 (2.26.3-12) ...
Setting up libxdot4 (2.26.3-12) ...
Setting up libgvc5 (2.26.3-12) ...
Setting up libgvpr1 (2.26.3-12) ...
Setting up libgraphviz-dev (2.26.3-12) ...
Setting up libilmbase-dev (1.0.1-4) ...
Setting up libjasper-dev (1.900.1-13) ...
Setting up liblcms1-dev:i386 (1.19.dfsg-1.2) ...
Setting up liblqr-1-0-dev (0.4.1-2) ...
Setting up libltdl-dev:i386 (2.4.2-1.1) ...
Setting up libopenexr-dev (1.6.1-6) ...
Setting up librsvg2-dev (2.36.1-1) ...
Setting up libtiff4-dev (3.9.6-11) ...
Setting up libwmf-dev (0.2.8.4-10.2) ...
Setting up x11proto-xext-dev (7.2.1-1) ...
Setting up libxext-dev:i386 (2:1.3.1-2) ...
Setting up libxml2-dev:i386 (2.8.0+dfsg1-7) ...
Setting up libxt-dev:i386 (1:1.1.3-1) ...
Setting up libmagickcore-dev (8:6.7.7.10-5) ...
Setting up libmagickwand-dev (8:6.7.7.10-5) ...
Setting up libssl-dev (1.0.1c-4) ...
Setting up libssl-doc (1.0.1c-4) ...
Setting up libtool (2.4.2-1.1) ...
Setting up libx11-doc (2:1.5.0-1) ...
Setting up libxfont1 (1:1.4.5-2) ...
Setting up make (3.81-8.2) ...
Setting up manpages-dev (3.44-1) ...
Setting up php5-cli (5.4.4-12) ...
Creating config file /etc/php5/cli/php.ini with new version
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode
Setting up php-pear (5.4.4-12) ...
Setting up shtool (2.0.8-6) ...
Setting up php5-dev (5.4.4-12) ...
update-alternatives: using /usr/bin/php-config5 to provide /usr/bin/php-config (php-config) in auto mode
update-alternatives: using /usr/bin/phpize5 to provide /usr/bin/phpize (phpize) in auto mode
Setting up re2c (0.13.5-1) ...
Setting up xfonts-encodings (1:1.0.4-1) ...
Setting up xfonts-utils (1:7.7~1) ...
Setting up ttf-mscorefonts-installer (3.4+nmu1) ...
These fonts were provided by Microsoft "in the interest of cross-
platform compatibility". This is no longer the case, but they are
still available from third parties.
You are free to download these fonts and use them for your own use,
but you may not redistribute them in modified form, including changes
to the file name or packaging format.
--2013-02-01 14:43:58-- http://downloads.sourceforge.net/corefonts/andale32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe [following]
--2013-02-01 14:43:59-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe [following]
--2013-02-01 14:43:59-- http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/andale32.exe
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 198384 (194K) [application/octet-stream]
Saving to: `./andale32.exe'
0K .......... .......... .......... .......... .......... 25% 337K 0s
50K .......... .......... .......... .......... .......... 51% 453K 0s
100K .......... .......... .......... .......... .......... 77% 837K 0s
150K .......... .......... .......... .......... ... 100% 1.17M=0.4s
2013-02-01 14:43:59 (545 KB/s) - `./andale32.exe' saved [198384/198384]
--2013-02-01 14:43:59-- http://downloads.sourceforge.net/corefonts/arialb32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/arialb32.exe [following]
--2013-02-01 14:43:59-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/arialb32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://voxel.dl.sourceforge.net/project/corefonts/the%20fonts/final/arialb32.exe [following]
--2013-02-01 14:44:00-- http://voxel.dl.sourceforge.net/project/corefonts/the%20fonts/final/arialb32.exe
Resolving voxel.dl.sourceforge.net (voxel.dl.sourceforge.net)... 208.122.28.26, 208.122.28.21, 208.122.28.12
Connecting to voxel.dl.sourceforge.net (voxel.dl.sourceforge.net)|208.122.28.26|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 168176 (164K) [application/octet-stream]
Saving to: `./arialb32.exe'
0K .......... .......... .......... .......... .......... 30% 389K 0s
50K .......... .......... .......... .......... .......... 60% 649K 0s
100K .......... .......... .......... .......... .......... 91% 1.72M 0s
150K .......... .... 100% 561K=0.3s
2013-02-01 14:44:00 (634 KB/s) - `./arialb32.exe' saved [168176/168176]
--2013-02-01 14:44:00-- http://downloads.sourceforge.net/corefonts/arial32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/arial32.exe [following]
--2013-02-01 14:44:00-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/arial32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://voxel.dl.sourceforge.net/project/corefonts/the%20fonts/final/arial32.exe [following]
--2013-02-01 14:44:00-- http://voxel.dl.sourceforge.net/project/corefonts/the%20fonts/final/arial32.exe
Resolving voxel.dl.sourceforge.net (voxel.dl.sourceforge.net)... 208.122.28.26, 208.122.28.21, 208.122.28.12
Connecting to voxel.dl.sourceforge.net (voxel.dl.sourceforge.net)|208.122.28.26|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 554208 (541K) [application/octet-stream]
Saving to: `./arial32.exe'
0K .......... .......... .......... .......... .......... 9% 460K 1s
50K .......... .......... .......... .......... .......... 18% 1.11M 1s
100K .......... .......... .......... .......... .......... 27% 1.12M 1s
150K .......... .......... .......... .......... .......... 36% 2.14M 0s
200K .......... .......... .......... .......... .......... 46% 2.17M 0s
250K .......... .......... .......... .......... .......... 55% 1.13M 0s
300K .......... .......... .......... .......... .......... 64% 2.24M 0s
350K .......... .......... .......... .......... .......... 73% 2.24M 0s
400K .......... .......... .......... .......... .......... 83% 20.5M 0s
450K .......... .......... .......... .......... .......... 92% 2.25M 0s
500K .......... .......... .......... .......... . 100% 1.95M=0.4s
2013-02-01 14:44:01 (1.42 MB/s) - `./arial32.exe' saved [554208/554208]
--2013-02-01 14:44:01-- http://downloads.sourceforge.net/corefonts/comic32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/comic32.exe [following]
--2013-02-01 14:44:01-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/comic32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/comic32.exe [following]
--2013-02-01 14:44:01-- http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/comic32.exe
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 246008 (240K) [application/octet-stream]
Saving to: `./comic32.exe'
0K .......... .......... .......... .......... .......... 20% 281K 1s
50K .......... .......... .......... .......... .......... 41% 716K 0s
100K .......... .......... .......... .......... .......... 62% 746K 0s
150K .......... .......... .......... .......... .......... 83% 1.33M 0s
200K .......... .......... .......... .......... 100% 1.17M=0.4s
2013-02-01 14:44:02 (624 KB/s) - `./comic32.exe' saved [246008/246008]
--2013-02-01 14:44:02-- http://downloads.sourceforge.net/corefonts/courie32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/courie32.exe [following]
--2013-02-01 14:44:02-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/courie32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/courie32.exe [following]
--2013-02-01 14:44:02-- http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/courie32.exe
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 646368 (631K) [application/octet-stream]
Saving to: `./courie32.exe'
0K .......... .......... .......... .......... .......... 7% 362K 2s
50K .......... .......... .......... .......... .......... 15% 738K 1s
100K .......... .......... .......... .......... .......... 23% 218K 1s
150K .......... .......... .......... .......... .......... 31% 1.38M 1s
200K .......... .......... .......... .......... .......... 39% 1.43M 1s
250K .......... .......... .......... .......... .......... 47% 743K 1s
300K .......... .......... .......... .......... .......... 55% 1.37M 0s
350K .......... .......... .......... .......... .......... 63% 742K 0s
400K .......... .......... .......... .......... .......... 71% 1.31M 0s
450K .......... .......... .......... .......... .......... 79% 1.43M 0s
500K .......... .......... .......... .......... .......... 87% 1.01M 0s
550K .......... .......... .......... .......... .......... 95% 1.36M 0s
600K .......... .......... .......... . 100% 918K=0.9s
2013-02-01 14:44:03 (730 KB/s) - `./courie32.exe' saved [646368/646368]
--2013-02-01 14:44:03-- http://downloads.sourceforge.net/corefonts/georgi32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/georgi32.exe [following]
--2013-02-01 14:44:04-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/georgi32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/georgi32.exe [following]
--2013-02-01 14:44:04-- http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/georgi32.exe
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 392440 (383K) [application/octet-stream]
Saving to: `./georgi32.exe'
0K .......... .......... .......... .......... .......... 13% 283K 1s
50K .......... .......... .......... .......... .......... 26% 685K 1s
100K .......... .......... .......... .......... .......... 39% 698K 0s
150K .......... .......... .......... .......... .......... 52% 685K 0s
200K .......... .......... .......... .......... .......... 65% 1.40M 0s
250K .......... .......... .......... .......... .......... 78% 1.35M 0s
300K .......... .......... .......... .......... .......... 91% 698K 0s
350K .......... .......... .......... ... 100% 1.82M=0.6s
2013-02-01 14:44:05 (691 KB/s) - `./georgi32.exe' saved [392440/392440]
--2013-02-01 14:44:05-- http://downloads.sourceforge.net/corefonts/impact32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/impact32.exe [following]
--2013-02-01 14:44:05-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/impact32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://iweb.dl.sourceforge.net/project/corefonts/the%20fonts/final/impact32.exe [following]
--2013-02-01 14:44:05-- http://iweb.dl.sourceforge.net/project/corefonts/the%20fonts/final/impact32.exe
Resolving iweb.dl.sourceforge.net (iweb.dl.sourceforge.net)... 2607:f748:10:12::5f:2, 70.38.0.134
Connecting to iweb.dl.sourceforge.net (iweb.dl.sourceforge.net)|2607:f748:10:12::5f:2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 173288 (169K) [application/x-msdos-program]
Saving to: `./impact32.exe'
0K .......... .......... .......... .......... .......... 29% 271K 0s
50K .......... .......... .......... .......... .......... 59% 1.04M 0s
100K .......... .......... .......... .......... .......... 88% 539K 0s
150K .......... ......... 100% 40.4M=0.3s
2013-02-01 14:44:06 (521 KB/s) - `./impact32.exe' saved [173288/173288]
--2013-02-01 14:44:06-- http://downloads.sourceforge.net/corefonts/times32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/times32.exe [following]
--2013-02-01 14:44:06-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/times32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/times32.exe [following]
--2013-02-01 14:44:06-- http://hivelocity.dl.sourceforge.net/project/corefonts/the%20fonts/final/times32.exe
Resolving hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)... 74.50.101.106
Connecting to hivelocity.dl.sourceforge.net (hivelocity.dl.sourceforge.net)|74.50.101.106|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 661728 (646K) [application/octet-stream]
Saving to: `./times32.exe'
0K .......... .......... .......... .......... .......... 7% 348K 2s
50K .......... .......... .......... .......... .......... 15% 471K 1s
100K .......... .......... .......... .......... .......... 23% 1.35M 1s
150K .......... .......... .......... .......... .......... 30% 736K 1s
200K .......... .......... .......... .......... .......... 38% 1.35M 1s
250K .......... .......... .......... .......... .......... 46% 825K 1s
300K .......... .......... .......... .......... .......... 54% 720K 0s
350K .......... .......... .......... .......... .......... 61% 262K 0s
400K .......... .......... .......... .......... .......... 69% 1.34M 0s
450K .......... .......... .......... .......... .......... 77% 686K 0s
500K .......... .......... .......... .......... .......... 85% 1.39M 0s
550K .......... .......... .......... .......... .......... 92% 732K 0s
600K .......... .......... .......... .......... ...... 100% 1.23M=1.0s
2013-02-01 14:44:07 (673 KB/s) - `./times32.exe' saved [661728/661728]
--2013-02-01 14:44:07-- http://downloads.sourceforge.net/corefonts/trebuc32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/trebuc32.exe [following]
--2013-02-01 14:44:07-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/trebuc32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://superb-dca3.dl.sourceforge.net/project/corefonts/the%20fonts/final/trebuc32.exe [following]
--2013-02-01 14:44:07-- http://superb-dca3.dl.sourceforge.net/project/corefonts/the%20fonts/final/trebuc32.exe
Resolving superb-dca3.dl.sourceforge.net (superb-dca3.dl.sourceforge.net)... 207.228.224.228
Connecting to superb-dca3.dl.sourceforge.net (superb-dca3.dl.sourceforge.net)|207.228.224.228|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 357200 (349K) [application/octet-stream]
Saving to: `./trebuc32.exe'
0K .......... .......... .......... .......... .......... 14% 224K 1s
50K .......... .......... .......... .......... .......... 28% 560K 1s
100K .......... .......... .......... .......... .......... 43% 1.09M 0s
150K .......... .......... .......... .......... .......... 57% 569K 0s
200K .......... .......... .......... .......... .......... 71% 37.4M 0s
250K .......... .......... .......... .......... .......... 86% 1.09M 0s
300K .......... .......... .......... .......... ........ 100% 1.07M=0.5s
2013-02-01 14:44:08 (652 KB/s) - `./trebuc32.exe' saved [357200/357200]
--2013-02-01 14:44:08-- http://downloads.sourceforge.net/corefonts/verdan32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/verdan32.exe [following]
--2013-02-01 14:44:08-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/verdan32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://superb-dca2.dl.sourceforge.net/project/corefonts/the%20fonts/final/verdan32.exe [following]
--2013-02-01 14:44:09-- http://superb-dca2.dl.sourceforge.net/project/corefonts/the%20fonts/final/verdan32.exe
Resolving superb-dca2.dl.sourceforge.net (superb-dca2.dl.sourceforge.net)... 209.61.193.20
Connecting to superb-dca2.dl.sourceforge.net (superb-dca2.dl.sourceforge.net)|209.61.193.20|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351992 (344K) [application/octet-stream]
Saving to: `./verdan32.exe'
0K .......... .......... .......... .......... .......... 14% 262K 1s
50K .......... .......... .......... .......... .......... 29% 655K 1s
100K .......... .......... .......... .......... .......... 43% 438K 0s
150K .......... .......... .......... .......... .......... 58% 655K 0s
200K .......... .......... .......... .......... .......... 72% 1.27M 0s
250K .......... .......... .......... .......... .......... 87% 1.26M 0s
300K .......... .......... .......... .......... ... 100% 62.4M=0.5s
2013-02-01 14:44:10 (642 KB/s) - `./verdan32.exe' saved [351992/351992]
--2013-02-01 14:44:10-- http://downloads.sourceforge.net/corefonts/webdin32.exe
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/webdin32.exe [following]
--2013-02-01 14:44:10-- http://downloads.sourceforge.net/project/corefonts/the%20fonts/final/webdin32.exe
Reusing existing connection to downloads.sourceforge.net:80.
HTTP request sent, awaiting response... 302 Found
Location: http://iweb.dl.sourceforge.net/project/corefonts/the%20fonts/final/webdin32.exe [following]
--2013-02-01 14:44:11-- http://iweb.dl.sourceforge.net/project/corefonts/the%20fonts/final/webdin32.exe
Resolving iweb.dl.sourceforge.net (iweb.dl.sourceforge.net)... 2607:f748:10:12::5f:2, 70.38.0.134
Connecting to iweb.dl.sourceforge.net (iweb.dl.sourceforge.net)|2607:f748:10:12::5f:2|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 185072 (181K) [application/x-msdos-program]
Saving to: `./webdin32.exe'
0K .......... .......... .......... .......... .......... 27% 262K 0s
50K .......... .......... .......... .......... .......... 55% 1.01M 0s
100K .......... .......... .......... .......... .......... 82% 526K 0s
150K .......... .......... .......... 100% 765K=0.4s
2013-02-01 14:44:11 (483 KB/s) - `./webdin32.exe' saved [185072/185072]
andale32.exe: OK
Extracting cabinet: andale32.exe
extracting fontinst.inf
extracting andale.inf
extracting fontinst.exe
extracting AndaleMo.TTF
extracting ADVPACK.DLL
extracting W95INF32.DLL
extracting W95INF16.DLL
All done, no errors.
arialb32.exe: OK
Extracting cabinet: arialb32.exe
extracting fontinst.exe
extracting fontinst.inf
extracting AriBlk.TTF
All done, no errors.
arial32.exe: OK
Extracting cabinet: arial32.exe
extracting FONTINST.EXE
extracting fontinst.inf
extracting Ariali.TTF
extracting Arialbd.TTF
extracting Arialbi.TTF
extracting Arial.TTF
All done, no errors.
comic32.exe: OK
Extracting cabinet: comic32.exe
extracting fontinst.inf
extracting Comicbd.TTF
extracting Comic.TTF
extracting fontinst.exe
All done, no errors.
courie32.exe: OK
Extracting cabinet: courie32.exe
extracting cour.ttf
extracting courbd.ttf
extracting courbi.ttf
extracting fontinst.inf
extracting couri.ttf
extracting fontinst.exe
All done, no errors.
georgi32.exe: OK
Extracting cabinet: georgi32.exe
extracting fontinst.inf
extracting Georgiaz.TTF
extracting Georgiab.TTF
extracting Georgiai.TTF
extracting Georgia.TTF
extracting fontinst.exe
All done, no errors.
impact32.exe: OK
Extracting cabinet: impact32.exe
extracting fontinst.exe
extracting Impact.TTF
extracting fontinst.inf
All done, no errors.
times32.exe: OK
Extracting cabinet: times32.exe
extracting fontinst.inf
extracting Times.TTF
extracting Timesbd.TTF
extracting Timesbi.TTF
extracting Timesi.TTF
extracting FONTINST.EXE
All done, no errors.
trebuc32.exe: OK
Extracting cabinet: trebuc32.exe
extracting FONTINST.EXE
extracting trebuc.ttf
extracting Trebucbd.ttf
extracting trebucbi.ttf
extracting trebucit.ttf
extracting fontinst.inf
All done, no errors.
verdan32.exe: OK
Extracting cabinet: verdan32.exe
extracting fontinst.exe
extracting fontinst.inf
extracting Verdanab.TTF
extracting Verdanai.TTF
extracting Verdanaz.TTF
extracting Verdana.TTF
All done, no errors.
webdin32.exe: OK
Extracting cabinet: webdin32.exe
extracting fontinst.exe
extracting Webdings.TTF
extracting fontinst.inf
extracting Licen.TXT
All done, no errors.
All fonts downloaded and installed.
Setting up x11-xkb-utils (7.7~1) ...
Setting up xauth (1:1.0.7-1) ...
Setting up xfonts-base (1:1.0.3) ...
Setting up xserver-common (2:1.12.4-4) ...
Setting up xvfb (2:1.12.4-4) ...
Setting up wkhtmltopdf (0.9.9-4) ...
==========
pear config-set preferred_state beta
=====Output=====
config-set succeeded
==========
pecl install Imagick
You will be asked for the location of the Imagemagick installation, I just hit <Enter> to autodetect.
=====Output=====
downloading imagick-3.1.0RC2.tgz ...
Starting to download imagick-3.1.0RC2.tgz (93,264 bytes)
.............done: 93,264 bytes
15 source files, building
running: phpize
Configuring for:
PHP Api Version: 20100412
Zend Module Api No: 20100525
Zend Extension Api No: 220100525
Please provide the prefix of Imagemagick installation [autodetect] :
building in /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2
running: /tmp/pear/temp/imagick/configure --with-imagick
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking for a sed that does not truncate output... /bin/sed
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking how to run the C preprocessor... cc -E
checking for icc... no
checking for suncc... no
checking whether cc understands -c and -o together... yes
checking for system library directory... lib
checking if compiler supports -R... no
checking if compiler supports -Wl,-rpath,... yes
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking target system type... x86_64-unknown-linux-gnu
checking for PHP prefix... /usr
checking for PHP includes... -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib
checking for PHP extension directory... /usr/lib/php5/20100525
checking for PHP installed headers prefix... /usr/include/php5
checking if debug is enabled... no
checking if zts is enabled... no
checking for re2c... re2c
checking for re2c version... 0.13.5 (ok)
checking for gawk... no
checking for nawk... nawk
checking if nawk is broken... no
checking whether to enable the imagick extension... yes, shared
checking whether to enable the imagick GraphicsMagick backend... no
checking ImageMagick MagickWand API configuration program... found in /usr/bin/MagickWand-config
checking if ImageMagick version is at least 6.2.4... found version 6.7.7 Q16
checking for MagickWand.h header file... found in /usr/include/ImageMagick/wand/MagickWand.h
checking PHP version is at least 5.1.3... yes. found 5.4.4-10
checking how to print strings... printf
checking for a sed that does not truncate output... (cached) /bin/sed
checking for fgrep... /bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking whether ln -s works... yes
checking the maximum length of command line arguments... 1572864
checking whether the shell understands some XSI constructs... yes
checking whether the shell understands "+="... yes
checking how to convert x86_64-unknown-linux-gnu file names to x86_64-unknown-linux-gnu format... func_convert_file_noop
checking how to convert x86_64-unknown-linux-gnu file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... @
checking for strip... strip
checking for ranlib... ranlib
checking for gawk... (cached) nawk
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for sysroot... no
checking for mt... mt
checking if mt is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... no
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linker (/usr/bin/ld -m elf_x86_64) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... GNU/Linux ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... no
configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands
running: make
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_file.c -o imagick_file.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_file.c -fPIC -DPIC -o .libs/imagick_file.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -o imagick_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_class.c -fPIC -DPIC -o .libs/imagick_class.o
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagematte':
/tmp/pear/temp/imagick/imagick_class.c:276:2: warning: 'MagickGetImageMatte' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:82) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_paintfloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:1034:3: warning: 'MagickPaintFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c:1037:3: warning: 'MagickPaintFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:99) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_recolorimage':
/tmp/pear/temp/imagick/imagick_class.c:1420:2: warning: 'MagickRecolorImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:109) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_colorfloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:3423:2: warning: 'MagickColorFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:75) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mapimage':
/tmp/pear/temp/imagick/imagick_class.c:3763:2: warning: 'MagickMapImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:86) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mattefloodfillimage':
/tmp/pear/temp/imagick/imagick_class.c:3796:2: warning: 'MagickMatteFloodfillImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:88) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_medianfilterimage':
/tmp/pear/temp/imagick/imagick_class.c:3823:2: warning: 'MagickMedianFilterImage' is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:217) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_paintopaqueimage':
/tmp/pear/temp/imagick/imagick_class.c:3886:2: warning: 'MagickPaintOpaqueImageChannel' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:104) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_painttransparentimage':
/tmp/pear/temp/imagick/imagick_class.c:3949:2: warning: 'MagickPaintTransparentImage' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:107) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_reducenoiseimage':
/tmp/pear/temp/imagick/imagick_class.c:4092:2: warning: 'MagickReduceNoiseImage' is deprecated (declared at /usr/include/ImageMagick/wand/magick-image.h:265) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageattribute':
/tmp/pear/temp/imagick/imagick_class.c:5101:2: warning: 'MagickGetImageAttribute' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:59) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagechannelextrema':
/tmp/pear/temp/imagick/imagick_class.c:5288:2: warning: 'MagickGetImageChannelExtrema' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:78) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageextrema':
/tmp/pear/temp/imagick/imagick_class.c:5542:2: warning: 'MagickGetImageExtrema' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:80) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimageindex':
/tmp/pear/temp/imagick/imagick_class.c:6383:2: warning: 'MagickGetImageIndex' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:65) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_setimageindex':
/tmp/pear/temp/imagick/imagick_class.c:6408:2: warning: 'MagickSetImageIndex' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:113) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_getimagesize':
/tmp/pear/temp/imagick/imagick_class.c:6486:2: warning: 'MagickGetImageSize' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:140) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_setimageattribute':
/tmp/pear/temp/imagick/imagick_class.c:6835:2: warning: 'MagickSetImageAttribute' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:111) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_flattenimages':
/tmp/pear/temp/imagick/imagick_class.c:7082:2: warning: 'MagickFlattenImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:132) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_averageimages':
/tmp/pear/temp/imagick/imagick_class.c:8128:2: warning: 'MagickAverageImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:131) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagick_class.c: In function 'zim_imagick_mosaicimages':
/tmp/pear/temp/imagick/imagick_class.c:8567:2: warning: 'MagickMosaicImages' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:135) [-Wdeprecated-declarations]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickdraw_class.c -o imagickdraw_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickdraw_class.c -fPIC -DPIC -o .libs/imagickdraw_class.o
/tmp/pear/temp/imagick/imagickdraw_class.c: In function 'zim_imagickdraw_setfillalpha':
/tmp/pear/temp/imagick/imagickdraw_class.c:398:2: warning: 'DrawSetFillAlpha' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:167) [-Wdeprecated-declarations]
/tmp/pear/temp/imagick/imagickdraw_class.c: In function 'zim_imagickdraw_setstrokealpha':
/tmp/pear/temp/imagick/imagickdraw_class.c:458:2: warning: 'DrawSetStrokeAlpha' is deprecated (declared at /usr/include/ImageMagick/wand/deprecate.h:168) [-Wdeprecated-declarations]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixel_class.c -o imagickpixel_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixel_class.c -fPIC -DPIC -o .libs/imagickpixel_class.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixeliterator_class.c -o imagickpixeliterator_class.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagickpixeliterator_class.c -fPIC -DPIC -o .libs/imagickpixeliterator_class.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_helpers.c -o imagick_helpers.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick_helpers.c -fPIC -DPIC -o .libs/imagick_helpers.o
/tmp/pear/temp/imagick/imagick_helpers.c: In function 'php_imagick_validate_map':
/tmp/pear/temp/imagick/imagick_helpers.c:149:12: warning: initialization discards 'const' qualifier from pointer target type [enabled by default]
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=compile cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick.c -o imagick.lo
libtool: compile: cc -I. -I/tmp/pear/temp/imagick -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -c /tmp/pear/temp/imagick/imagick.c -fPIC -DPIC -o .libs/imagick.o
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=link cc -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/include -I/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/main -I/tmp/pear/temp/imagick -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -I/usr/include/ImageMagick -DHAVE_CONFIG_H -g -O2 -o imagick.la -export-dynamic -avoid-version -prefer-pic -module -rpath /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules imagick_file.lo imagick_class.lo imagickdraw_class.lo imagickpixel_class.lo imagickpixeliterator_class.lo imagick_helpers.lo imagick.lo -lMagickWand -lMagickCore
libtool: link: cc -shared -fPIC -DPIC .libs/imagick_file.o .libs/imagick_class.o .libs/imagickdraw_class.o .libs/imagickpixel_class.o .libs/imagickpixeliterator_class.o .libs/imagick_helpers.o .libs/imagick.o /usr/lib/x86_64-linux-gnu/libMagickWand.so /usr/lib/x86_64-linux-gnu/libMagickCore.so -O2 -fopenmp -pthread -Wl,-soname -Wl,imagick.so -o .libs/imagick.so
libtool: link: ( cd ".libs" && rm -f "imagick.la" && ln -s "../imagick.la" "imagick.la" )
/bin/bash /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/libtool --mode=install cp ./imagick.la /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
libtool: install: cp ./.libs/imagick.so /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules/imagick.so
libtool: install: cp ./.libs/imagick.lai /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules/imagick.la
libtool: finish: PATH="/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/sbin" ldconfig -n /tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
----------------------------------------------------------------------
Libraries have been installed in:
/tmp/pear/temp/pear-build-rootSerSaO/imagick-3.1.0RC2/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,-rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
Build complete.
Don't forget to run 'make test'.
running: make INSTALL_ROOT="/tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2" install
Installing shared extensions: /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525/
Installing header files: /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/
running: find "/tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2" | xargs ls -dils
278621 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2
278655 4 drwxr-xr-x 4 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr
278659 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include
278660 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5
278661 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext
278662 4 drwxr-xr-x 2 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick
278664 28 -rw-r--r-- 1 root root 24972 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick_defs.h
278663 4 -rw-r--r-- 1 root root 2479 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick.h
278665 4 -rw-r--r-- 1 root root 1795 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/include/php5/ext/imagick/php_imagick_shared.h
278656 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib
278657 4 drwxr-xr-x 3 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5
278658 4 drwxr-xr-x 2 root root 4096 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525
278654 1392 -rwxr-xr-x 1 root root 1419123 Jan 15 14:57 /tmp/pear/temp/pear-build-rootSerSaO/install-imagick-3.1.0RC2/usr/lib/php5/20100525/imagick.so
Build process completed successfully
Installing '/usr/lib/php5/20100525/imagick.so'
Installing '/usr/include/php5/ext/imagick/php_imagick_defs.h'
Installing '/usr/include/php5/ext/imagick/php_imagick.h'
Installing '/usr/include/php5/ext/imagick/php_imagick_shared.h'
install ok: channel://pecl.php.net/imagick-3.1.0RC2
configuration option "php_ini" is not set to php.ini location
You should add "extension=imagick.so" to php.ini
==========
vi /etc/php5/fpm/conf.d/30-imagick.ini
-----/etc/php5/fpm/conf.d/30-imagick.ini-----
extension = imagick.so
----------
vi /etc/php5/fpm/php.ini
(at line 213 for me)
short_open_tag = Off
(at line 674 for me)
post_max_size = 12M
(at line 802 for me)
upload_max_filesize = 12M
(at line 1360 for me)
session.cookie_secure = 1
(at line 1391 for me)
session.cookie_httponly = 1
-----/etc/php5/fpm/php.ini-----
[PHP]
;;;;;;;;;;;;;;;;;;;
; About php.ini ;
;;;;;;;;;;;;;;;;;;;
; PHP's initialization file, generally called php.ini, is responsible for
; configuring many of the aspects of PHP's behavior.
; PHP attempts to find and load this configuration from a number of locations.
; The following is a summary of its search order:
; 1. SAPI module specific location.
; 2. The PHPRC environment variable. (As of PHP 5.2.0)
; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
; 4. Current working directory (except CLI)
; 5. The web server's directory (for SAPI modules), or directory of PHP
; (otherwise in Windows)
; 6. The directory from the --with-config-file-path compile time option, or the
; Windows directory (C:\windows or C:\winnt)
; See the PHP docs for more specific information.
; http://php.net/configuration.file
; The syntax of the file is extremely simple. Whitespace and lines
; beginning with a semicolon are silently ignored (as you probably guessed).
; Section headers (e.g. [Foo]) are also silently ignored, even though
; they might mean something in the future.
; Directives following the section heading [PATH=/www/mysite] only
; apply to PHP files in the /www/mysite directory. Directives
; following the section heading [HOST=www.example.com] only apply to
; PHP files served from www.example.com. Directives set in these
; special sections cannot be overridden by user-defined INI files or
; at runtime. Currently, [PATH=] and [HOST=] sections only work under
; CGI/FastCGI.
; http://php.net/ini.sections
; Directives are specified using the following syntax:
; directive = value
; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
; Directives are variables used to configure PHP or PHP extensions.
; There is no name validation. If PHP can't find an expected
; directive because it is not set or is mistyped, a default value will be used.
; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
; previously set variable or directive (e.g. ${foo})
; Expressions in the INI file are limited to bitwise operators and parentheses:
; | bitwise OR
; ^ bitwise XOR
; & bitwise AND
; ~ bitwise NOT
; ! boolean NOT
; Boolean flags can be turned on using the values 1, On, True or Yes.
; They can be turned off using the values 0, Off, False or No.
; An empty string can be denoted by simply not writing anything after the equal
; sign, or by using the None keyword:
; foo = ; sets foo to an empty string
; foo = None ; sets foo to an empty string
; foo = "None" ; sets foo to the string 'None'
; If you use constants in your value, and these constants belong to a
; dynamically loaded extension (either a PHP extension or a Zend extension),
; you may only use these constants *after* the line that loads the extension.
;;;;;;;;;;;;;;;;;;;
; About this file ;
;;;;;;;;;;;;;;;;;;;
; PHP comes packaged with two INI files. One that is recommended to be used
; in production environments and one that is recommended to be used in
; development environments.
; php.ini-production contains settings which hold security, performance and
; best practices at its core. But please be aware, these settings may break
; compatibility with older or less security conscience applications. We
; recommending using the production ini in production and testing environments.
; php.ini-development is very similar to its production variant, except it's
; much more verbose when it comes to errors. We recommending using the
; development version only in development environments as errors shown to
; application users can inadvertently leak otherwise secure information.
; This is php.ini-production INI file.
;;;;;;;;;;;;;;;;;;;
; Quick Reference ;
;;;;;;;;;;;;;;;;;;;
; The following are all the settings which are different in either the production
; or development versions of the INIs with respect to PHP's default behavior.
; Please see the actual settings later in the document for more details as to why
; we recommend these changes in PHP's behavior.
; display_errors
; Default Value: On
; Development Value: On
; Production Value: Off
; display_startup_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; error_reporting
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; html_errors
; Default Value: On
; Development Value: On
; Production value: On
; log_errors
; Default Value: Off
; Development Value: On
; Production Value: On
; max_input_time
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; output_buffering
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; register_argc_argv
; Default Value: On
; Development Value: Off
; Production Value: Off
; request_order
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; session.bug_compat_42
; Default Value: On
; Development Value: On
; Production Value: Off
; session.bug_compat_warn
; Default Value: On
; Development Value: On
; Production Value: Off
; session.gc_divisor
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; session.hash_bits_per_character
; Default Value: 4
; Development Value: 5
; Production Value: 5
; short_open_tag
; Default Value: On
; Development Value: Off
; Production Value: Off
; track_errors
; Default Value: Off
; Development Value: On
; Production Value: Off
; url_rewriter.tags
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; variables_order
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS"
;;;;;;;;;;;;;;;;;;;;
; php.ini Options ;
;;;;;;;;;;;;;;;;;;;;
; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
;user_ini.filename = ".user.ini"
; To disable this feature set this option to empty value
;user_ini.filename =
; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
;user_ini.cache_ttl = 300
;;;;;;;;;;;;;;;;;;;;
; Language Options ;
;;;;;;;;;;;;;;;;;;;;
; Enable the PHP scripting language engine under Apache.
; http://php.net/engine
engine = On
; This directive determines whether or not PHP will recognize code between
; <? and ?> tags as PHP source which should be processed as such. It's been
; recommended for several years that you not use the short tag "short cut" and
; instead to use the full <?php and ?> tag combination. With the wide spread use
; of XML and use of these tags by other languages, the server can become easily
; confused and end up parsing the wrong code in the wrong context. But because
; this short cut has been a feature for such a long time, it's currently still
; supported for backwards compatibility, but we recommend you don't use them.
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/short-open-tag
short_open_tag = Off
; Allow ASP-style <% %> tags.
; http://php.net/asp-tags
asp_tags = Off
; The number of significant digits displayed in floating point numbers.
; http://php.net/precision
precision = 14
; Output buffering is a mechanism for controlling how much output data
; (excluding headers and cookies) PHP should keep internally before pushing that
; data to the client. If your application's output exceeds this setting, PHP
; will send that data in chunks of roughly the size you specify.
; Turning on this setting and managing its maximum buffer size can yield some
; interesting side-effects depending on your application and web server.
; You may be able to send headers and cookies after you've already sent output
; through print or echo. You also may see performance benefits if your server is
; emitting less packets due to buffered output versus PHP streaming the output
; as it gets it. On production servers, 4096 bytes is a good setting for performance
; reasons.
; Note: Output buffering can also be controlled via Output Buffering Control
; functions.
; Possible Values:
; On = Enabled and buffer is unlimited. (Use with caution)
; Off = Disabled
; Integer = Enables the buffer and sets its maximum size in bytes.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: Off
; Development Value: 4096
; Production Value: 4096
; http://php.net/output-buffering
output_buffering = 4096
; You can redirect all of the output of your scripts to a function. For
; example, if you set output_handler to "mb_output_handler", character
; encoding will be transparently converted to the specified encoding.
; Setting any output handler automatically turns on output buffering.
; Note: People who wrote portable scripts should not depend on this ini
; directive. Instead, explicitly set the output handler using ob_start().
; Using this ini directive may cause problems unless you know what script
; is doing.
; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
; and you cannot use both "ob_gzhandler" and "zlib.output_compression".
; Note: output_handler must be empty if this is set 'On' !!!!
; Instead you must use zlib.output_handler.
; http://php.net/output-handler
;output_handler =
; Transparent output compression using the zlib library
; Valid values for this option are 'off', 'on', or a specific buffer size
; to be used for compression (default is 4KB)
; Note: Resulting chunk size may vary due to nature of compression. PHP
; outputs chunks that are few hundreds bytes each as a result of
; compression. If you prefer a larger chunk size for better
; performance, enable output_buffering in addition.
; Note: You need to use zlib.output_handler instead of the standard
; output_handler, or otherwise the output will be corrupted.
; http://php.net/zlib.output-compression
zlib.output_compression = Off
; http://php.net/zlib.output-compression-level
;zlib.output_compression_level = -1
; You cannot specify additional output handlers if zlib.output_compression
; is activated here. This setting does the same as output_handler but in
; a different order.
; http://php.net/zlib.output-handler
;zlib.output_handler =
; Implicit flush tells PHP to tell the output layer to flush itself
; automatically after every output block. This is equivalent to calling the
; PHP function flush() after each and every call to print() or echo() and each
; and every HTML block. Turning this option on has serious performance
; implications and is generally recommended for debugging purposes only.
; http://php.net/implicit-flush
; Note: This directive is hardcoded to On for the CLI SAPI
implicit_flush = Off
; The unserialize callback function will be called (with the undefined class'
; name as parameter), if the unserializer finds an undefined class
; which should be instantiated. A warning appears if the specified function is
; not defined, or if the function doesn't include/implement the missing class.
; So only set this entry, if you really want to implement such a
; callback-function.
unserialize_callback_func =
; When floats & doubles are serialized store serialize_precision significant
; digits after the floating point. The default value ensures that when floats
; are decoded with unserialize, the data will remain the same.
serialize_precision = 17
; open_basedir, if set, limits all file operations to the defined directory
; and below. This directive makes most sense if used in a per-directory
; or per-virtualhost web server configuration file. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/open-basedir
;open_basedir =
; This directive allows you to disable certain functions for security reasons.
; It receives a comma-delimited list of function names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-functions
disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
; This directive allows you to disable certain classes for security reasons.
; It receives a comma-delimited list of class names. This directive is
; *NOT* affected by whether Safe Mode is turned On or Off.
; http://php.net/disable-classes
disable_classes =
; Colors for Syntax Highlighting mode. Anything that's acceptable in
; <span style="color: ???????"> would work.
; http://php.net/syntax-highlighting
;highlight.string = #DD0000
;highlight.comment = #FF9900
;highlight.keyword = #007700
;highlight.default = #0000BB
;highlight.html = #000000
; If enabled, the request will be allowed to complete even if the user aborts
; the request. Consider enabling it if executing long requests, which may end up
; being interrupted by the user or a browser timing out. PHP's default behavior
; is to disable this feature.
; http://php.net/ignore-user-abort
;ignore_user_abort = On
; Determines the size of the realpath cache to be used by PHP. This value should
; be increased on systems where PHP opens many files to reflect the quantity of
; the file operations performed.
; http://php.net/realpath-cache-size
;realpath_cache_size = 16k
; Duration of time, in seconds for which to cache realpath information for a given
; file or directory. For systems with rarely changing files, consider increasing this
; value.
; http://php.net/realpath-cache-ttl
;realpath_cache_ttl = 120
; Enables or disables the circular reference collector.
; http://php.net/zend.enable-gc
zend.enable_gc = On
; If enabled, scripts may be written in encodings that are incompatible with
; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
; encodings. To use this feature, mbstring extension must be enabled.
; Default: Off
;zend.multibyte = Off
; Allows to set the default encoding for the scripts. This value will be used
; unless "declare(encoding=...)" directive appears at the top of the script.
; Only affects if zend.multibyte is set.
; Default: ""
;zend.script_encoding =
;;;;;;;;;;;;;;;;;
; Miscellaneous ;
;;;;;;;;;;;;;;;;;
; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header). It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = On
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
; Maximum execution time of each script, in seconds
; http://php.net/max-execution-time
; Note: This directive is hardcoded to 0 for the CLI SAPI
max_execution_time = 30
; Maximum amount of time each script may spend parsing request data. It's a good
; idea to limit this time on productions servers in order to eliminate unexpectedly
; long running scripts.
; Note: This directive is hardcoded to -1 for the CLI SAPI
; Default Value: -1 (Unlimited)
; Development Value: 60 (60 seconds)
; Production Value: 60 (60 seconds)
; http://php.net/max-input-time
max_input_time = 60
; Maximum input variable nesting level
; http://php.net/max-input-nesting-level
;max_input_nesting_level = 64
; How many GET/POST/COOKIE input variables may be accepted
; max_input_vars = 1000
; Maximum amount of memory a script may consume (128MB)
; http://php.net/memory-limit
memory_limit = 128M
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Error handling and logging ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This directive informs PHP of which errors, warnings and notices you would like
; it to take action for. The recommended way of setting values for this
; directive is through the use of the error level constants and bitwise
; operators. The error level constants are below here for convenience as well as
; some common settings and their meanings.
; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
; those related to E_NOTICE and E_STRICT, which together cover best practices and
; recommended coding standards in PHP. For performance reasons, this is the
; recommend error reporting setting. Your production server shouldn't be wasting
; resources complaining about best practices and coding standards. That's what
; development servers and development settings are for.
; Note: The php.ini-development file has this setting as E_ALL. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;
; Error Level Constants:
; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
; E_ERROR - fatal run-time errors
; E_RECOVERABLE_ERROR - almost fatal run-time errors
; E_WARNING - run-time warnings (non-fatal errors)
; E_PARSE - compile-time parse errors
; E_NOTICE - run-time notices (these are warnings which often result
; from a bug in your code, but it's possible that it was
; intentional (e.g., using an uninitialized variable and
; relying on the fact it's automatically initialized to an
; empty string)
; E_STRICT - run-time notices, enable to have PHP suggest changes
; to your code which will ensure the best interoperability
; and forward compatibility of your code
; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
; initial startup
; E_COMPILE_ERROR - fatal compile-time errors
; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
; E_USER_ERROR - user-generated error message
; E_USER_WARNING - user-generated warning message
; E_USER_NOTICE - user-generated notice message
; E_DEPRECATED - warn about code that will not work in future versions
; of PHP
; E_USER_DEPRECATED - user-generated deprecation warnings
;
; Common Values:
; E_ALL (Show all errors, warnings and notices including coding standards.)
; E_ALL & ~E_NOTICE (Show all errors, except for notices)
; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
; Development Value: E_ALL
; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
; http://php.net/error-reporting
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
; This directive controls whether or not and where PHP will output errors,
; notices and warnings too. Error output is very useful during development, but
; it could be very dangerous in production environments. Depending on the code
; which is triggering the error, sensitive information could potentially leak
; out of your application such as database usernames and passwords or worse.
; It's recommended that errors be logged on production servers rather than
; having the errors sent to STDOUT.
; Possible Values:
; Off = Do not display any errors
; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
; On or stdout = Display errors to STDOUT
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/display-errors
display_errors = Off
; The display of errors which occur during PHP's startup sequence are handled
; separately from display_errors. PHP's default behavior is to suppress those
; errors from clients. Turning the display of startup errors on can be useful in
; debugging configuration problems. But, it's strongly recommended that you
; leave this setting off on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/display-startup-errors
display_startup_errors = Off
; Besides displaying errors, PHP can also log errors to locations such as a
; server-specific log, STDERR, or a location specified by the error_log
; directive found below. While errors should not be displayed on productions
; servers they should still be monitored and logging is a great way to do that.
; Default Value: Off
; Development Value: On
; Production Value: On
; http://php.net/log-errors
log_errors = On
; Set maximum length of log_errors. In error_log information about the source is
; added. The default is 1024 and 0 allows to not apply any maximum length at all.
; http://php.net/log-errors-max-len
log_errors_max_len = 1024
; Do not log repeated messages. Repeated errors must occur in same file on same
; line unless ignore_repeated_source is set true.
; http://php.net/ignore-repeated-errors
ignore_repeated_errors = Off
; Ignore source of message when ignoring repeated messages. When this setting
; is On you will not log errors with repeated messages from different files or
; source lines.
; http://php.net/ignore-repeated-source
ignore_repeated_source = Off
; If this parameter is set to Off, then memory leaks will not be shown (on
; stdout or in the log). This has only effect in a debug compile, and if
; error reporting includes E_WARNING in the allowed list
; http://php.net/report-memleaks
report_memleaks = On
; This setting is on by default.
;report_zend_debug = 0
; Store the last error/warning message in $php_errormsg (boolean). Setting this value
; to On can assist in debugging and is appropriate for development servers. It should
; however be disabled on production servers.
; Default Value: Off
; Development Value: On
; Production Value: Off
; http://php.net/track-errors
track_errors = Off
; Turn off normal error reporting and emit XML-RPC error XML
; http://php.net/xmlrpc-errors
;xmlrpc_errors = 0
; An XML-RPC faultCode
;xmlrpc_error_number = 0
; When PHP displays or logs an error, it has the capability of formatting the
; error message as HTML for easier reading. This directive controls whether
; the error message is formatted as HTML or not.
; Note: This directive is hardcoded to Off for the CLI SAPI
; Default Value: On
; Development Value: On
; Production value: On
; http://php.net/html-errors
html_errors = On
; If html_errors is set to On *and* docref_root is not empty, then PHP
; produces clickable error messages that direct to a page describing the error
; or function causing the error in detail.
; You can download a copy of the PHP manual from http://php.net/docs
; and change docref_root to the base URL of your local copy including the
; leading '/'. You must also specify the file extension being used including
; the dot. PHP's default behavior is to leave these settings empty, in which
; case no links to documentation are generated.
; Note: Never use this feature for production boxes.
; http://php.net/docref-root
; Examples
;docref_root = "/phpmanual/"
; http://php.net/docref-ext
;docref_ext = .html
; String to output before an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-prepend-string
; Example:
;error_prepend_string = "<span style='color: #ff0000'>"
; String to output after an error message. PHP's default behavior is to leave
; this setting blank.
; http://php.net/error-append-string
; Example:
;error_append_string = "</span>"
; Log errors to specified file. PHP's default behavior is to leave this value
; empty.
; http://php.net/error-log
; Example:
;error_log = php_errors.log
; Log errors to syslog (Event Log on NT, not valid in Windows 95).
;error_log = syslog
;windows.show_crt_warning
; Default value: 0
; Development value: 0
; Production value: 0
;;;;;;;;;;;;;;;;;
; Data Handling ;
;;;;;;;;;;;;;;;;;
; The separator used in PHP generated URLs to separate arguments.
; PHP's default setting is "&".
; http://php.net/arg-separator.output
; Example:
;arg_separator.output = "&amp;"
; List of separator(s) used by PHP to parse input URLs into variables.
; PHP's default setting is "&".
; NOTE: Every character in this directive is considered as separator!
; http://php.net/arg-separator.input
; Example:
;arg_separator.input = ";&"
; This directive determines which super global arrays are registered when PHP
; starts up. G,P,C,E & S are abbreviations for the following respective super
; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
; paid for the registration of these arrays and because ENV is not as commonly
; used as the others, ENV is not recommended on productions servers. You
; can still get access to the environment variables through getenv() should you
; need to.
; Default Value: "EGPCS"
; Development Value: "GPCS"
; Production Value: "GPCS";
; http://php.net/variables-order
variables_order = "GPCS"
; This directive determines which super global data (G,P,C,E & S) should
; be registered into the super global array REQUEST. If so, it also determines
; the order in which that data is registered. The values for this directive are
; specified in the same manner as the variables_order directive, EXCEPT one.
; Leaving this value empty will cause PHP to use the value set in the
; variables_order directive. It does not mean it will leave the super globals
; array REQUEST empty.
; Default Value: None
; Development Value: "GP"
; Production Value: "GP"
; http://php.net/request-order
request_order = "GP"
; This directive determines whether PHP registers $argv & $argc each time it
; runs. $argv contains an array of all the arguments passed to PHP when a script
; is invoked. $argc contains an integer representing the number of arguments
; that were passed when the script was invoked. These arrays are extremely
; useful when running scripts from the command line. When this directive is
; enabled, registering these variables consumes CPU cycles and memory each time
; a script is executed. For performance reasons, this feature should be disabled
; on production servers.
; Note: This directive is hardcoded to On for the CLI SAPI
; Default Value: On
; Development Value: Off
; Production Value: Off
; http://php.net/register-argc-argv
register_argc_argv = Off
; When enabled, the ENV, REQUEST and SERVER variables are created when they're
; first used (Just In Time) instead of when the script starts. If these
; variables are not used within a script, having this directive on will result
; in a performance gain. The PHP directive register_argc_argv must be disabled
; for this directive to have any affect.
; http://php.net/auto-globals-jit
auto_globals_jit = On
; Whether PHP will read the POST data.
; This option is enabled by default.
; Most likely, you won't want to disable this option globally. It causes $_POST
; and $_FILES to always be empty; the only way you will be able to read the
; POST data will be through the php://input stream wrapper. This can be useful
; to proxy requests or to process the POST data in a memory efficient fashion.
; http://php.net/enable-post-data-reading
;enable_post_data_reading = Off
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 12M
; Automatically add files before PHP document.
; http://php.net/auto-prepend-file
auto_prepend_file =
; Automatically add files after PHP document.
; http://php.net/auto-append-file
auto_append_file =
; By default, PHP will output a character encoding using
; the Content-type: header. To disable sending of the charset, simply
; set it to be empty.
;
; PHP's built-in default is text/html
; http://php.net/default-mimetype
default_mimetype = "text/html"
; PHP's default character set is set to empty.
; http://php.net/default-charset
;default_charset = "UTF-8"
; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
; to disable this feature. If post reading is disabled through
; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
; http://php.net/always-populate-raw-post-data
;always_populate_raw_post_data = On
;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;
; UNIX: "/path1:/path2"
;include_path = ".:/usr/share/php"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"
;
; PHP's default setting for include_path is ".;/path/to/php/pear"
; http://php.net/include-path
; The root of the PHP pages, used only if nonempty.
; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
; if you are running php as a CGI under any web server (other than IIS)
; see documentation for security issues. The alternate is to use the
; cgi.force_redirect configuration below
; http://php.net/doc-root
doc_root =
; The directory under which PHP opens the script using /~username used only
; if nonempty.
; http://php.net/user-dir
user_dir =
; Directory in which the loadable extensions (modules) reside.
; http://php.net/extension-dir
; extension_dir = "./"
; On windows:
; extension_dir = "ext"
; Whether or not to enable the dl() function. The dl() function does NOT work
; properly in multithreaded servers, such as IIS or Zeus, and is automatically
; disabled on them.
; http://php.net/enable-dl
enable_dl = Off
; cgi.force_redirect is necessary to provide security running PHP as a CGI under
; most web servers. Left undefined, PHP turns this on by default. You can
; turn it off here AT YOUR OWN RISK
; **You CAN safely turn this off for IIS, in fact, you MUST.**
; http://php.net/cgi.force-redirect
;cgi.force_redirect = 1
; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
; every request. PHP's default behavior is to disable this feature.
;cgi.nph = 1
; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
; will look for to know it is OK to continue execution. Setting this variable MAY
; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
; http://php.net/cgi.redirect-status-env
;cgi.redirect_status_env = ;
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://php.net/cgi.fix-pathinfo
;cgi.fix_pathinfo=1
; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
; security tokens of the calling client. This allows IIS to define the
; security context that the request runs under. mod_fastcgi under Apache
; does not currently support this feature (03/17/2002)
; Set to 1 if running under IIS. Default is zero.
; http://php.net/fastcgi.impersonate
;fastcgi.impersonate = 1;
; Disable logging through FastCGI connection. PHP's default behavior is to enable
; this feature.
;fastcgi.logging = 0
; cgi.rfc2616_headers configuration option tells PHP what type of headers to
; use when sending HTTP response code. If it's set 0 PHP sends Status: header that
; is supported by Apache. When this option is set to 1 PHP will send
; RFC2616 compliant header.
; Default is zero.
; http://php.net/cgi.rfc2616-headers
;cgi.rfc2616_headers = 0
;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;
; Whether to allow HTTP file uploads.
; http://php.net/file-uploads
file_uploads = On
; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://php.net/upload-tmp-dir
;upload_tmp_dir =
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 12M
; Maximum number of files that can be uploaded via a single request
max_file_uploads = 20
;;;;;;;;;;;;;;;;;;
; Fopen wrappers ;
;;;;;;;;;;;;;;;;;;
; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-fopen
allow_url_fopen = On
; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
; http://php.net/allow-url-include
allow_url_include = Off
; Define the anonymous ftp password (your email address). PHP's default setting
; for this is empty.
; http://php.net/from
;from="john@doe.com"
; Define the User-Agent string. PHP's default setting for this is empty.
; http://php.net/user-agent
;user_agent="PHP"
; Default timeout for socket based streams (seconds)
; http://php.net/default-socket-timeout
default_socket_timeout = 60
; If your scripts have to deal with files from Macintosh systems,
; or you are running on a Mac and need to deal with files from
; unix or win32 systems, setting this flag will cause PHP to
; automatically detect the EOL character in those files so that
; fgets() and file() will work regardless of the source of the file.
; http://php.net/auto-detect-line-endings
;auto_detect_line_endings = Off
;;;;;;;;;;;;;;;;;;;;;;
; Dynamic Extensions ;
;;;;;;;;;;;;;;;;;;;;;;
; If you wish to have an extension loaded automatically, use the following
; syntax:
;
; extension=modulename.extension
;
; For example, on Windows:
;
; extension=msql.dll
;
; ... or under UNIX:
;
; extension=msql.so
;
; ... or with a path:
;
; extension=/path/to/extension/msql.so
;
; If you only provide the name of the extension, PHP will look for it in its
; default extension directory.
;
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
[CLI Server]
; Whether the CLI web server uses ANSI color coding in its terminal output.
cli_server.color = On
[Date]
; Defines the default timezone used by the date functions
; http://php.net/date.timezone
;date.timezone =
; http://php.net/date.default-latitude
;date.default_latitude = 31.7667
; http://php.net/date.default-longitude
;date.default_longitude = 35.2333
; http://php.net/date.sunrise-zenith
;date.sunrise_zenith = 90.583333
; http://php.net/date.sunset-zenith
;date.sunset_zenith = 90.583333
[filter]
; http://php.net/filter.default
;filter.default = unsafe_raw
; http://php.net/filter.default-flags
;filter.default_flags =
[iconv]
;iconv.input_encoding = ISO-8859-1
;iconv.internal_encoding = ISO-8859-1
;iconv.output_encoding = ISO-8859-1
[intl]
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
; happens within intl functions. The value is the level of the error produced.
; Default is 0, which does not produce any errors.
;intl.error_level = E_WARNING
[sqlite]
; http://php.net/sqlite.assoc-case
;sqlite.assoc_case = 0
[sqlite3]
;sqlite3.extension_dir =
[Pcre]
;PCRE library backtracking limit.
; http://php.net/pcre.backtrack-limit
;pcre.backtrack_limit=100000
;PCRE library recursion limit.
;Please note that if you set this value to a high number you may consume all
;the available process stack and eventually crash PHP (due to reaching the
;stack size limit imposed by the Operating System).
; http://php.net/pcre.recursion-limit
;pcre.recursion_limit=100000
[Pdo]
; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
; http://php.net/pdo-odbc.connection-pooling
;pdo_odbc.connection_pooling=strict
;pdo_odbc.db2_instance_name
[Pdo_mysql]
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/pdo_mysql.cache_size
pdo_mysql.cache_size = 2000
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/pdo_mysql.default-socket
pdo_mysql.default_socket=
[Phar]
; http://php.net/phar.readonly
;phar.readonly = On
; http://php.net/phar.require-hash
;phar.require_hash = On
;phar.cache_list =
[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost
; http://php.net/smtp-port
smtp_port = 25
; For Win32 only.
; http://php.net/sendmail-from
;sendmail_from = me@example.com
; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
;sendmail_path =
; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =
; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
mail.add_x_header = On
; The path to a log file that will log all mail() calls. Log entries include
; the full path of the script, line number, To address and headers.
;mail.log =
[SQL]
; http://php.net/sql.safe-mode
sql.safe_mode = Off
[ODBC]
; http://php.net/odbc.default-db
;odbc.default_db = Not yet implemented
; http://php.net/odbc.default-user
;odbc.default_user = Not yet implemented
; http://php.net/odbc.default-pw
;odbc.default_pw = Not yet implemented
; Controls the ODBC cursor model.
; Default: SQL_CURSOR_STATIC (default).
;odbc.default_cursortype
; Allow or prevent persistent links.
; http://php.net/odbc.allow-persistent
odbc.allow_persistent = On
; Check that a connection is still valid before reuse.
; http://php.net/odbc.check-persistent
odbc.check_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/odbc.max-persistent
odbc.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/odbc.max-links
odbc.max_links = -1
; Handling of LONG fields. Returns number of bytes to variables. 0 means
; passthru.
; http://php.net/odbc.defaultlrl
odbc.defaultlrl = 4096
; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
; of odbc.defaultlrl and odbc.defaultbinmode
; http://php.net/odbc.defaultbinmode
odbc.defaultbinmode = 1
;birdstep.max_links = -1
[Interbase]
; Allow or prevent persistent links.
ibase.allow_persistent = 1
; Maximum number of persistent links. -1 means no limit.
ibase.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
ibase.max_links = -1
; Default database name for ibase_connect().
;ibase.default_db =
; Default username for ibase_connect().
;ibase.default_user =
; Default password for ibase_connect().
;ibase.default_password =
; Default charset for ibase_connect().
;ibase.default_charset =
; Default timestamp format.
ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
; Default date format.
ibase.dateformat = "%Y-%m-%d"
; Default time format.
ibase.timeformat = "%H:%M:%S"
[MySQL]
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysql.allow_local_infile
mysql.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysql.allow-persistent
mysql.allow_persistent = On
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysql.cache_size
mysql.cache_size = 2000
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysql.max-persistent
mysql.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/mysql.max-links
mysql.max_links = -1
; Default port number for mysql_connect(). If unset, mysql_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysql.default-port
mysql.default_port =
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysql.default-socket
mysql.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-host
mysql.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysql.default-user
mysql.default_user =
; Default password for mysql_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysql.default-password
mysql.default_password =
; Maximum time (in seconds) for connect timeout. -1 means no limit
; http://php.net/mysql.connect-timeout
mysql.connect_timeout = 60
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
; http://php.net/mysql.trace-mode
mysql.trace_mode = Off
[MySQLi]
; Maximum number of persistent links. -1 means no limit.
; http://php.net/mysqli.max-persistent
mysqli.max_persistent = -1
; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
; http://php.net/mysqli.allow_local_infile
;mysqli.allow_local_infile = On
; Allow or prevent persistent links.
; http://php.net/mysqli.allow-persistent
mysqli.allow_persistent = On
; Maximum number of links. -1 means no limit.
; http://php.net/mysqli.max-links
mysqli.max_links = -1
; If mysqlnd is used: Number of cache slots for the internal result set cache
; http://php.net/mysqli.cache_size
mysqli.cache_size = 2000
; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
; at MYSQL_PORT.
; http://php.net/mysqli.default-port
mysqli.default_port = 3306
; Default socket name for local MySQL connects. If empty, uses the built-in
; MySQL defaults.
; http://php.net/mysqli.default-socket
mysqli.default_socket =
; Default host for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-host
mysqli.default_host =
; Default user for mysql_connect() (doesn't apply in safe mode).
; http://php.net/mysqli.default-user
mysqli.default_user =
; Default password for mysqli_connect() (doesn't apply in safe mode).
; Note that this is generally a *bad* idea to store passwords in this file.
; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
; and reveal this password! And of course, any users with read access to this
; file will be able to reveal the password as well.
; http://php.net/mysqli.default-pw
mysqli.default_pw =
; Allow or prevent reconnect
mysqli.reconnect = Off
[mysqlnd]
; Enable / Disable collection of general statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_statistics
mysqlnd.collect_statistics = On
; Enable / Disable collection of memory usage statistics by mysqlnd which can be
; used to tune and monitor MySQL operations.
; http://php.net/mysqlnd.collect_memory_statistics
mysqlnd.collect_memory_statistics = Off
; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
; http://php.net/mysqlnd.net_cmd_buffer_size
;mysqlnd.net_cmd_buffer_size = 2048
; Size of a pre-allocated buffer used for reading data sent by the server in
; bytes.
; http://php.net/mysqlnd.net_read_buffer_size
;mysqlnd.net_read_buffer_size = 32768
[OCI8]
; Connection: Enables privileged connections using external
; credentials (OCI_SYSOPER, OCI_SYSDBA)
; http://php.net/oci8.privileged-connect
;oci8.privileged_connect = Off
; Connection: The maximum number of persistent OCI8 connections per
; process. Using -1 means no limit.
; http://php.net/oci8.max-persistent
;oci8.max_persistent = -1
; Connection: The maximum number of seconds a process is allowed to
; maintain an idle persistent connection. Using -1 means idle
; persistent connections will be maintained forever.
; http://php.net/oci8.persistent-timeout
;oci8.persistent_timeout = -1
; Connection: The number of seconds that must pass before issuing a
; ping during oci_pconnect() to check the connection validity. When
; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
; pings completely.
; http://php.net/oci8.ping-interval
;oci8.ping_interval = 60
; Connection: Set this to a user chosen connection class to be used
; for all pooled server requests with Oracle 11g Database Resident
; Connection Pooling (DRCP). To use DRCP, this value should be set to
; the same string for all web servers running the same application,
; the database pool must be configured, and the connection string must
; specify to use a pooled server.
;oci8.connection_class =
; High Availability: Using On lets PHP receive Fast Application
; Notification (FAN) events generated when a database node fails. The
; database must also be configured to post FAN events.
;oci8.events = Off
; Tuning: This option enables statement caching, and specifies how
; many statements to cache. Using 0 disables statement caching.
; http://php.net/oci8.statement-cache-size
;oci8.statement_cache_size = 20
; Tuning: Enables statement prefetching and sets the default number of
; rows that will be fetched automatically after statement execution.
; http://php.net/oci8.default-prefetch
;oci8.default_prefetch = 100
; Compatibility. Using On means oci_close() will not close
; oci_connect() and oci_new_connect() connections.
; http://php.net/oci8.old-oci-close-semantics
;oci8.old_oci_close_semantics = Off
[PostgreSQL]
; Allow or prevent persistent links.
; http://php.net/pgsql.allow-persistent
pgsql.allow_persistent = On
; Detect broken persistent links always with pg_pconnect().
; Auto reset feature requires a little overheads.
; http://php.net/pgsql.auto-reset-persistent
pgsql.auto_reset_persistent = Off
; Maximum number of persistent links. -1 means no limit.
; http://php.net/pgsql.max-persistent
pgsql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
; http://php.net/pgsql.max-links
pgsql.max_links = -1
; Ignore PostgreSQL backends Notice message or not.
; Notice message logging require a little overheads.
; http://php.net/pgsql.ignore-notice
pgsql.ignore_notice = 0
; Log PostgreSQL backends Notice message or not.
; Unless pgsql.ignore_notice=0, module cannot log notice message.
; http://php.net/pgsql.log-notice
pgsql.log_notice = 0
[Sybase-CT]
; Allow or prevent persistent links.
; http://php.net/sybct.allow-persistent
sybct.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
; http://php.net/sybct.max-persistent
sybct.max_persistent = -1
; Maximum number of links (persistent + non-persistent). -1 means no limit.
; http://php.net/sybct.max-links
sybct.max_links = -1
; Minimum server message severity to display.
; http://php.net/sybct.min-server-severity
sybct.min_server_severity = 10
; Minimum client message severity to display.
; http://php.net/sybct.min-client-severity
sybct.min_client_severity = 10
; Set per-context timeout
; http://php.net/sybct.timeout
;sybct.timeout=
;sybct.packet_size
; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
; Default: one minute
;sybct.login_timeout=
; The name of the host you claim to be connecting from, for display by sp_who.
; Default: none
;sybct.hostname=
; Allows you to define how often deadlocks are to be retried. -1 means "forever".
; Default: 0
;sybct.deadlock_retry_count=
[bcmath]
; Number of decimal digits for all bcmath functions.
; http://php.net/bcmath.scale
bcmath.scale = 0
[browscap]
; http://php.net/browscap
;browscap = extra/browscap.ini
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; The path can be defined as:
;
; session.save_path = "N;/path"
;
; where N is an integer. Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories. This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
; You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
; use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
; session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
; http://php.net/session.save-path
;session.save_path = "/var/lib/php5"
; Whether to use cookies.
; http://php.net/session.use-cookies
session.use_cookies = 1
; http://php.net/session.cookie-secure
session.cookie_secure = 1
; This option forces PHP to fetch and use a cookie for storing and maintaining
; the session id. We encourage this operation as it's very helpful in combating
; session hijacking when not specifying and managing your own session id. It is
; not the end all be all of session hijacking defense, but it's a good start.
; http://php.net/session.use-only-cookies
session.use_only_cookies = 1
; Name of the session (used as cookie name).
; http://php.net/session.name
session.name = PHPSESSID
; Initialize session on request startup.
; http://php.net/session.auto-start
session.auto_start = 0
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
; http://php.net/session.cookie-lifetime
session.cookie_lifetime = 0
; The path for which the cookie is valid.
; http://php.net/session.cookie-path
session.cookie_path = /
; The domain for which the cookie is valid.
; http://php.net/session.cookie-domain
session.cookie_domain =
; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
; http://php.net/session.cookie-httponly
session.cookie_httponly = 1
; Handler used to serialize data. php is the standard serializer of PHP.
; http://php.net/session.serialize-handler
session.serialize_handler = php
; Defines the probability that the 'garbage collection' process is started
; on every session initialization. The probability is calculated by using
; gc_probability/gc_divisor. Where session.gc_probability is the numerator
; and gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request.
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.gc-probability
session.gc_probability = 0
; Defines the probability that the 'garbage collection' process is started on every
; session initialization. The probability is calculated by using the following equation:
; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
; session.gc_divisor is the denominator in the equation. Setting this value to 1
; when the session.gc_divisor value is 100 will give you approximately a 1% chance
; the gc will run on any give request. Increasing this value to 1000 will give you
; a 0.1% chance the gc will run on any give request. For high volume production servers,
; this is a more efficient approach.
; Default Value: 100
; Development Value: 1000
; Production Value: 1000
; http://php.net/session.gc-divisor
session.gc_divisor = 1000
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
; http://php.net/session.gc-maxlifetime
session.gc_maxlifetime = 1440
; NOTE: If you are using the subdirectory option for storing session files
; (see session.save_path above), then garbage collection does *not*
; happen automatically. You will need to do your own garbage
; collection through a shell script, cron entry, or some other method.
; For example, the following script would is the equivalent of
; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
; find /path/to/sessions -cmin +24 | xargs rm
; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope.
; PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled. This feature
; introduces some serious security problems if not handled correctly. It's
; recommended that you do not use this feature on production servers. But you
; should enable this on development servers and enable the warning as well. If you
; do not enable the feature on development servers, you won't be warned when it's
; used and debugging errors caused by this can be difficult to track down.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-42
session.bug_compat_42 = Off
; This setting controls whether or not you are warned by PHP when initializing a
; session value into the global space. session.bug_compat_42 must be enabled before
; these warnings can be issued by PHP. See the directive above for more information.
; Default Value: On
; Development Value: On
; Production Value: Off
; http://php.net/session.bug-compat-warn
session.bug_compat_warn = Off
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
; http://php.net/session.referer-check
session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
; Defaults to /dev/urandom
; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
; If neither are found at compile time, the default is no entropy file.
; On windows, setting the entropy_length setting will activate the
; Windows random source (using the CryptoAPI)
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
; http://php.net/session.cache-limiter
session.cache_limiter = nocache
; Document expires after n minutes.
; http://php.net/session.cache-expire
session.cache_expire = 180
; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
; to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
; in publicly accessible computer.
; - User may access your site with the same session ID
; always using URL stored in browser's history or bookmarks.
; http://php.net/session.use-trans-sid
session.use_trans_sid = 0
; Select a hash function for use in generating session ids.
; Possible Values
; 0 (MD5 128 bits)
; 1 (SHA-1 160 bits)
; This option may also be set to the name of any hash function supported by
; the hash extension. A list of available hashes is returned by the hash_algos()
; function.
; http://php.net/session.hash-function
session.hash_function = 0
; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
; Possible values:
; 4 (4 bits: 0-9, a-f)
; 5 (5 bits: 0-9, a-v)
; 6 (6 bits: 0-9, a-z, A-Z, "-", ",")
; Default Value: 4
; Development Value: 5
; Production Value: 5
; http://php.net/session.hash-bits-per-character
session.hash_bits_per_character = 5
; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs. If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
; Default Value: "a=href,area=href,frame=src,form=,fieldset="
; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
; http://php.net/url-rewriter.tags
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
; Enable upload progress tracking in $_SESSION
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.enabled
;session.upload_progress.enabled = On
; Cleanup the progress information as soon as all POST data has been read
; (i.e. upload completed).
; Default Value: On
; Development Value: On
; Production Value: On
; http://php.net/session.upload-progress.cleanup
;session.upload_progress.cleanup = On
; A prefix used for the upload progress key in $_SESSION
; Default Value: "upload_progress_"
; Development Value: "upload_progress_"
; Production Value: "upload_progress_"
; http://php.net/session.upload-progress.prefix
;session.upload_progress.prefix = "upload_progress_"
; The index name (concatenated with the prefix) in $_SESSION
; containing the upload progress information
; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
; http://php.net/session.upload-progress.name
;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
; How frequently the upload progress should be updated.
; Given either in percentages (per-file), or in bytes
; Default Value: "1%"
; Development Value: "1%"
; Production Value: "1%"
; http://php.net/session.upload-progress.freq
;session.upload_progress.freq = "1%"
; The minimum delay between updates, in seconds
; Default Value: 1
; Development Value: 1
; Production Value: 1
; http://php.net/session.upload-progress.min-freq
;session.upload_progress.min_freq = "1"
[MSSQL]
; Allow or prevent persistent links.
mssql.allow_persistent = On
; Maximum number of persistent links. -1 means no limit.
mssql.max_persistent = -1
; Maximum number of links (persistent+non persistent). -1 means no limit.
mssql.max_links = -1
; Minimum error severity to display.
mssql.min_error_severity = 10
; Minimum message severity to display.
mssql.min_message_severity = 10
; Compatibility mode with old versions of PHP 3.0.
mssql.compatability_mode = Off
; Connect timeout
;mssql.connect_timeout = 5
; Query timeout
;mssql.timeout = 60
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textlimit = 4096
; Valid range 0 - 2147483647. Default = 4096.
;mssql.textsize = 4096
; Limits the number of records in each batch. 0 = all records in one batch.
;mssql.batchsize = 0
; Specify how datetime and datetim4 columns are returned
; On => Returns data converted to SQL server settings
; Off => Returns values as YYYY-MM-DD hh:mm:ss
;mssql.datetimeconvert = On
; Use NT authentication when connecting to the server
mssql.secure_connection = Off
; Specify max number of processes. -1 = library default
; msdlib defaults to 25
; FreeTDS defaults to 4096
;mssql.max_procs = -1
; Specify client character set.
; If empty or not set the client charset from freetds.conf is used
; This is only used when compiled with FreeTDS
;mssql.charset = "ISO-8859-1"
[Assertion]
; Assert(expr); active by default.
; http://php.net/assert.active
;assert.active = On
; Issue a PHP warning for each failed assertion.
; http://php.net/assert.warning
;assert.warning = On
; Don't bail out by default.
; http://php.net/assert.bail
;assert.bail = Off
; User-function to be called if an assertion fails.
; http://php.net/assert.callback
;assert.callback = 0
; Eval the expression with current error_reporting(). Set to true if you want
; error_reporting(0) around the eval().
; http://php.net/assert.quiet-eval
;assert.quiet_eval = 0
[COM]
; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
; http://php.net/com.typelib-file
;com.typelib_file =
; allow Distributed-COM calls
; http://php.net/com.allow-dcom
;com.allow_dcom = true
; autoregister constants of a components typlib on com_load()
; http://php.net/com.autoregister-typelib
;com.autoregister_typelib = true
; register constants casesensitive
; http://php.net/com.autoregister-casesensitive
;com.autoregister_casesensitive = false
; show warnings on duplicate constant registrations
; http://php.net/com.autoregister-verbose
;com.autoregister_verbose = true
; The default character set code-page to use when passing strings to and from COM objects.
; Default: system ANSI code page
;com.code_page=
[mbstring]
; language for internal character representation.
; http://php.net/mbstring.language
;mbstring.language = Japanese
; internal/script encoding.
; Some encoding cannot work as internal encoding.
; (e.g. SJIS, BIG5, ISO-2022-*)
; http://php.net/mbstring.internal-encoding
;mbstring.internal_encoding = EUC-JP
; http input encoding.
; http://php.net/mbstring.http-input
;mbstring.http_input = auto
; http output encoding. mb_output_handler must be
; registered as output buffer to function
; http://php.net/mbstring.http-output
;mbstring.http_output = SJIS
; enable automatic encoding translation according to
; mbstring.internal_encoding setting. Input chars are
; converted to internal encoding by setting this to On.
; Note: Do _not_ use automatic encoding translation for
; portable libs/applications.
; http://php.net/mbstring.encoding-translation
;mbstring.encoding_translation = Off
; automatic encoding detection order.
; auto means
; http://php.net/mbstring.detect-order
;mbstring.detect_order = auto
; substitute_character used when character cannot be converted
; one from another
; http://php.net/mbstring.substitute-character
;mbstring.substitute_character = none;
; overload(replace) single byte functions by mbstring functions.
; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
; etc. Possible values are 0,1,2,4 or combination of them.
; For example, 7 for overload everything.
; 0: No overload
; 1: Overload mail() function
; 2: Overload str*() functions
; 4: Overload ereg*() functions
; http://php.net/mbstring.func-overload
;mbstring.func_overload = 0
; enable strict encoding detection.
;mbstring.strict_detection = Off
; This directive specifies the regex pattern of content types for which mb_output_handler()
; is activated.
; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
;mbstring.http_output_conv_mimetype=
[gd]
; Tell the jpeg decode to ignore warnings and try to create
; a gd image. The warning will then be displayed as notices
; disabled by default
; http://php.net/gd.jpeg-ignore-warning
;gd.jpeg_ignore_warning = 0
[exif]
; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
; With mbstring support this will automatically be converted into the encoding
; given by corresponding encode setting. When empty mbstring.internal_encoding
; is used. For the decode settings you can distinguish between motorola and
; intel byte order. A decode setting cannot be empty.
; http://php.net/exif.encode-unicode
;exif.encode_unicode = ISO-8859-15
; http://php.net/exif.decode-unicode-motorola
;exif.decode_unicode_motorola = UCS-2BE
; http://php.net/exif.decode-unicode-intel
;exif.decode_unicode_intel = UCS-2LE
; http://php.net/exif.encode-jis
;exif.encode_jis =
; http://php.net/exif.decode-jis-motorola
;exif.decode_jis_motorola = JIS
; http://php.net/exif.decode-jis-intel
;exif.decode_jis_intel = JIS
[Tidy]
; The path to a default tidy configuration file to use when using tidy
; http://php.net/tidy.default-config
;tidy.default_config = /usr/local/lib/php/default.tcfg
; Should tidy clean and repair output automatically?
; WARNING: Do not use this option if you are generating non-html content
; such as dynamic images
; http://php.net/tidy.clean-output
tidy.clean_output = Off
[soap]
; Enables or disables WSDL caching feature.
; http://php.net/soap.wsdl-cache-enabled
soap.wsdl_cache_enabled=1
; Sets the directory name where SOAP extension will put cache files.
; http://php.net/soap.wsdl-cache-dir
soap.wsdl_cache_dir="/tmp"
; (time to live) Sets the number of second while cached file will be used
; instead of original one.
; http://php.net/soap.wsdl-cache-ttl
soap.wsdl_cache_ttl=86400
; Sets the size of the cache limit. (Max. number of WSDL files to cache)
soap.wsdl_cache_limit = 5
[sysvshm]
; A default size of the shared memory segment
;sysvshm.init_mem = 10000
[ldap]
; Sets the maximum number of open links or -1 for unlimited.
ldap.max_links = -1
[mcrypt]
; For more information about mcrypt settings see http://php.net/mcrypt-module-open
; Directory where to load mcrypt algorithms
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.algorithms_dir=
; Directory where to load mcrypt modes
; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
;mcrypt.modes_dir=
[dba]
;dba.default_handler=
; Local Variables:
; tab-width: 4
; End:
----------
Install MySQL
apt-get install mysql-server mysql-client php5-mysql
a dialog pops up for you to set a password on the root mysql user
a second dialog will pop up to confirm there were no typos or give you the opportunity to enter identical typos which is another way to look at it.
=====Output=====
?????Missed the two dialogs?????
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18 libnet-daemon-perl
libplrpc-perl mysql-client-5.5 mysql-common mysql-server-5.5 mysql-server-core-5.5
Suggested packages:
libipc-sharedcache-perl libterm-readkey-perl tinyca
The following NEW packages will be installed:
libaio1 libdbd-mysql-perl libdbi-perl libhtml-template-perl libmysqlclient18 libnet-daemon-perl
libplrpc-perl mysql-client mysql-client-5.5 mysql-common mysql-server mysql-server-5.5
mysql-server-core-5.5 php5-mysql
0 upgraded, 14 newly installed, 0 to remove and 0 not upgraded.
Need to get 9,560 kB of archives.
After this operation, 93.1 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 http://ftp.debian.org/debian/ wheezy/main libaio1 i386 0.3.109-3 [9,384 B]
Get:2 http://ftp.debian.org/debian/ wheezy/main mysql-common all 5.5.28+dfsg-1 [89.1 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main libmysqlclient18 i386 5.5.28+dfsg-1 [672 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main libnet-daemon-perl all 0.48-1 [46.2 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main libplrpc-perl all 0.2020-2 [36.0 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main libdbi-perl i386 1.622-1 [897 kB]
Get:7 http://ftp.debian.org/debian/ wheezy/main libdbd-mysql-perl i386 4.021-1+b1 [127 kB]
Get:8 http://ftp.debian.org/debian/ wheezy/main mysql-client-5.5 i386 5.5.28+dfsg-1 [1,726 kB]
Get:9 http://ftp.debian.org/debian/ wheezy/main mysql-server-core-5.5 i386 5.5.28+dfsg-1 [3,625 kB]
Get:10 http://ftp.debian.org/debian/ wheezy/main mysql-server-5.5 i386 5.5.28+dfsg-1 [2,008 kB]
Get:11 http://ftp.debian.org/debian/ wheezy/main php5-mysql i386 5.4.4-12 [76.8 kB]
Get:12 http://ftp.debian.org/debian/ wheezy/main libhtml-template-perl all 2.91-1 [72.0 kB]
Get:13 http://ftp.debian.org/debian/ wheezy/main mysql-client all 5.5.28+dfsg-1 [87.2 kB]
Get:14 http://ftp.debian.org/debian/ wheezy/main mysql-server all 5.5.28+dfsg-1 [87.3 kB]
Fetched 9,560 kB in 7s (1,342 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libaio1:i386.
(Reading database ... 41987 files and directories currently installed.)
Unpacking libaio1:i386 (from .../libaio1_0.3.109-3_i386.deb) ...
Selecting previously unselected package mysql-common.
Unpacking mysql-common (from .../mysql-common_5.5.28+dfsg-1_all.deb) ...
Selecting previously unselected package libmysqlclient18:i386.
Unpacking libmysqlclient18:i386 (from .../libmysqlclient18_5.5.28+dfsg-1_i386.deb) ...
Selecting previously unselected package libnet-daemon-perl.
Unpacking libnet-daemon-perl (from .../libnet-daemon-perl_0.48-1_all.deb) ...
Selecting previously unselected package libplrpc-perl.
Unpacking libplrpc-perl (from .../libplrpc-perl_0.2020-2_all.deb) ...
Selecting previously unselected package libdbi-perl.
Unpacking libdbi-perl (from .../libdbi-perl_1.622-1_i386.deb) ...
Selecting previously unselected package libdbd-mysql-perl.
Unpacking libdbd-mysql-perl (from .../libdbd-mysql-perl_4.021-1+b1_i386.deb) ...
Selecting previously unselected package mysql-client-5.5.
Unpacking mysql-client-5.5 (from .../mysql-client-5.5_5.5.28+dfsg-1_i386.deb) ...
Selecting previously unselected package mysql-server-core-5.5.
Unpacking mysql-server-core-5.5 (from .../mysql-server-core-5.5_5.5.28+dfsg-1_i386.deb) ...
Processing triggers for man-db ...
Setting up mysql-common (5.5.28+dfsg-1) ...
Selecting previously unselected package mysql-server-5.5.
(Reading database ... 42368 files and directories currently installed.)
Unpacking mysql-server-5.5 (from .../mysql-server-5.5_5.5.28+dfsg-1_i386.deb) ...
Selecting previously unselected package php5-mysql.
Unpacking php5-mysql (from .../php5-mysql_5.4.4-12_i386.deb) ...
Selecting previously unselected package libhtml-template-perl.
Unpacking libhtml-template-perl (from .../libhtml-template-perl_2.91-1_all.deb) ...
Selecting previously unselected package mysql-client.
Unpacking mysql-client (from .../mysql-client_5.5.28+dfsg-1_all.deb) ...
Selecting previously unselected package mysql-server.
Unpacking mysql-server (from .../mysql-server_5.5.28+dfsg-1_all.deb) ...
Processing triggers for man-db ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
Setting up libaio1:i386 (0.3.109-3) ...
Setting up libmysqlclient18:i386 (5.5.28+dfsg-1) ...
Setting up libnet-daemon-perl (0.48-1) ...
Setting up libplrpc-perl (0.2020-2) ...
Setting up libdbi-perl (1.622-1) ...
Setting up libdbd-mysql-perl (4.021-1+b1) ...
Setting up mysql-client-5.5 (5.5.28+dfsg-1) ...
Setting up mysql-server-core-5.5 (5.5.28+dfsg-1) ...
Setting up mysql-server-5.5 (5.5.28+dfsg-1) ...
[ ok ] Stopping MySQL database server: mysqld.
130201 14:50:25 [Note] Plugin 'FEDERATED' is disabled.
130201 14:50:25 InnoDB: The InnoDB memory heap is disabled
130201 14:50:25 InnoDB: Mutexes and rw_locks use GCC atomic builtins
130201 14:50:25 InnoDB: Compressed tables use zlib 1.2.7
130201 14:50:25 InnoDB: Using Linux native AIO
130201 14:50:25 InnoDB: Initializing buffer pool, size = 128.0M
130201 14:50:25 InnoDB: Completed initialization of buffer pool
130201 14:50:25 InnoDB: highest supported file format is Barracuda.
130201 14:50:25 InnoDB: Waiting for the background threads to start
130201 14:50:26 InnoDB: 1.1.8 started; log sequence number 1595675
130201 14:50:26 InnoDB: Starting shutdown...
130201 14:50:27 InnoDB: Shutdown completed; log sequence number 1595675
[ ok ] Starting MySQL database server: mysqld ..
[info] Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
Setting up php5-mysql (5.4.4-12) ...
Creating config file /etc/php5/mods-available/mysql.ini with new version
Creating config file /etc/php5/mods-available/mysqli.ini with new version
Creating config file /etc/php5/mods-available/pdo_mysql.ini with new version
Setting up libhtml-template-perl (2.91-1) ...
Setting up mysql-client (5.5.28+dfsg-1) ...
Setting up mysql-server (5.5.28+dfsg-1) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
==========
mysql_secure_installation
=====Output=====
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MySQL to secure it, we'll need the current
password for the root user. If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
You already have a root password set, so you can safely answer 'n'.
Change the root password? [Y/n] n
... skipping.
By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MySQL comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MySQL
installation should now be secure.
Thanks for using MySQL!
==========
mysql -uroot -p
=====Output=====
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 52
Server version: 5.5.28-1 (Debian)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
=========
USE mysql
=====Output=====
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
==========
A common vector is to attack the MySQL root user since it is the default omipotent user put on almost all MySQL installs.
So, give your 'root' user a different name. (Is admin more secure than root, meh. Yeah, I guess.)
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'127.0.0.1' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'::1' IDENTIFIED BY 'pwork' WITH GRANT OPTION;
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
CREATE USER 'backup'@'localhost' IDENTIFIED BY 'password';
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
GRANT SELECT, SHOW VIEW, RELOAD, REPLICATION CLIENT, EVENT, TRIGGER ON *.* TO 'backup'@'localhost';
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
FLUSH PRIVILEGES;
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
EXIT
=====Output=====
Bye
==========
!!!!!NOTE!!!!!
So, the debian-sys-maint user is used by a lot of stuff. And it would serve to break more than I can justify it saves. I fundamentally disagree with the debian-sys-maint user, but that is the mumblings of a first class nobody-significant.
Do nothing with the debian-sys-maint user. :(
!!!!!!!!!!
vi /etc/mysql/debian-start
This is my /etc/mysql/debian-start file
-----/etc/mysql/debian-start-----
#!/bin/bash
#
# This script is executed by "/etc/init.d/mysql" on every (re)start.
#
# Changes to this file will be preserved when updating the Debian package.
#
source /usr/share/mysql/debian-start.inc.sh
MYSQL="/usr/bin/mysql --defaults-file=/etc/mysql/debian.cnf"
MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
MYUPGRADE="/usr/bin/mysql_upgrade --defaults-extra-file=/etc/mysql/debian.cnf"
MYCHECK="/usr/bin/mysqlcheck --defaults-file=/etc/mysql/debian.cnf"
MYCHECK_SUBJECT="WARNING: mysqlcheck has found corrupt tables"
MYCHECK_PARAMS="--all-databases --fast --silent"
MYCHECK_RCPT="root"
# The following commands should be run when the server is up but in background
# where they do not block the server start and in one shell instance so that
# they run sequentially. They are supposed not to echo anything to stdout.
# If you want to disable the check for crashed tables comment
# "check_for_crashed_tables" out.
# (There may be no output to stdout inside the background process!)
#echo "Checking for tables which need an upgrade, are corrupt or were "
#echo "not closed cleanly."
#(
# upgrade_system_tables_if_necessary;
# check_root_accounts;
# check_for_crashed_tables;
#) >&2 &
exit 0
----------
Let's set up the ports.conf file for the httpd directives and the default site virtual host directives
vi /etc/apache2/ports.conf
-----/etc/apache2/ports.conf-----
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
NameVirtualHost *:443
Listen 443
</IfModule>
<IfModule mod_gnutls.c>
NameVirtualHost *:443
Listen 443
</IfModule>
----------
set up the default virtual host configurations
specifically the virtualhosts for the default & default-ssl virtualhosts, the webroot locations, the log locations, and the ssl settings.
vi /etc/apache2/sites-available/default
-----/etc/apache2/sites-available/default-----
<VirtualHost _default_:80>
DocumentRoot /var/www/http
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/default-file -socket /var/www/.sockets/default.sock -user www-data -group www-data
Alias /fcgi-bin /tmp/default-file
LogLevel warn
ErrorLog /var/www/logs/error.log
CustomLog /var/www/logs/access.log combined
</VirtualHost>
----------
vi /etc/apache2/sites-available/default-ssl
-----/etc/apache2/sites-available/default-ssl-----
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www/https
<Directory /var/www/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/default-ssl-imaginary-file -socket /var/www/.sockets/default.sock -user www-data -group www-data
Alias /fcgi-bin /tmp/default-ssl-imaginary-file
LogLevel warn
ErrorLog /var/www/logs/error-ssl.log
CustomLog /var/www/logs/access-ssl.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /var/www/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /var/www/certs/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
# phpMyAdmin default Apache configuration
Alias /phpmyadmin /usr/share/phpmyadmin
<Directory /usr/share/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
<IfModule mod_php5.c>
AddType application/x-httpd-php .php
php_flag magic_quotes_gpc Off
php_flag track_vars On
php_flag register_globals Off
php_admin_flag allow_url_fopen Off
php_value include_path .
php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
</IfModule>
</Directory>
# Authorize for setup
<Directory /usr/share/phpmyadmin/setup>
<IfModule mod_authn_file.c>
AuthType Basic
AuthName "phpMyAdmin Setup"
AuthUserFile /etc/phpmyadmin/htpasswd.setup
</IfModule>
# Require valid-user
</Directory>
# Disallow web access to directories that don't need it
<Directory /usr/share/phpmyadmin/libraries>
Order Deny,Allow
Deny from All
</Directory>
<Directory /usr/share/phpmyadmin/setup/lib>
Order Deny,Allow
Deny from All
</Directory>
</VirtualHost>
</IfModule>
----------
create the file system directory structure specified in the configuration files
mkdir /var/www/http /var/www/https /var/www/certs /var/www/logs /var/www/tmp /var/www/.sockets /var/www/fonts
cp -R /usr/share/fonts/* /var/www/fonts
chown -R www-data:www-data /var/www/
chmod -R 770 /var/www
find /var/www -type d -exec chmod 771 {} \;
chmod -R ug+s /var/www
optionally move or delete the default web page created upon installation
rm /var/www/index.html
apt-get install phpmyadmin
hit the space key to select apache2
then hit <tab> and <enter>
configure database with dbconfig-common?
I hit <enter> to select Yes
next you will be asked for the mysql 'root' user password
after that you will be asked for a password to use with phpmyadmin
and lastly you will be asked to enter that phpmyadmin password again to verify that password
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
dbconfig-common libgd2-xpm libmcrypt4 php5-gd php5-mcrypt
Suggested packages:
libgd-tools libmcrypt-dev mcrypt
The following packages will be REMOVED:
libgd2-noxpm
The following NEW packages will be installed:
dbconfig-common libgd2-xpm libmcrypt4 php5-gd php5-mcrypt phpmyadmin
0 upgraded, 6 newly installed, 1 to remove and 0 not upgraded.
Need to get 6,329 kB of archives.
After this operation, 16.7 MB of additional disk space will be used.
Do you want to continue [Y/n]?
Get:1 http://ftp.debian.org/debian/ wheezy/main libgd2-xpm i386 2.0.36~rc1~dfsg-6.1 [232 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main php5-gd i386 5.4.4-12 [34.4 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main libmcrypt4 i386 2.5.8-3.1 [76.5 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main php5-mcrypt i386 5.4.4-12 [15.6 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main dbconfig-common all 1.8.47+nmu1 [487 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main phpmyadmin all 4:3.4.11.1-1 [5,483 kB]
Fetched 6,329 kB in 5s (1,176 kB/s)
Preconfiguring packages ...
dpkg: libgd2-noxpm:i386: dependency problems, but removing anyway as you requested:
libgvc5 depends on libgd2-noxpm (>= 2.0.36~rc1~dfsg) | libgd2-xpm (>= 2.0.36~rc1~dfsg); however:
Package libgd2-noxpm:i386 is to be removed.
Package libgd2-xpm is not installed.
gnuplot-nox depends on libgd2-noxpm (>= 2.0.36~rc1~dfsg) | libgd2-xpm (>= 2.0.36~rc1~dfsg); however:
Package libgd2-noxpm:i386 is to be removed.
Package libgd2-xpm is not installed.
----------
┌────────────────────────────────┤ Configuring phpmyadmin ├────────────────────────────────┐
│ Please choose the web server that should be automatically configured to run phpMyAdmin. │
│ │
│ Web server to reconfigure automatically: │
│ │
│ [*] apache2 │
│ [ ] lighttpd │
│ │
│ │
│ <Ok> │
│ │
└──────────────────────────────────────────────────────────────────────────────────────────┘
----------
(Reading database ... 42481 files and directories currently installed.)
Removing libgd2-noxpm:i386 ...
Selecting previously unselected package libgd2-xpm:i386.
(Reading database ... 42470 files and directories currently installed.)
Unpacking libgd2-xpm:i386 (from .../libgd2-xpm_2.0.36~rc1~dfsg-6.1_i386.deb) ...
Setting up libgd2-xpm:i386 (2.0.36~rc1~dfsg-6.1) ...
Selecting previously unselected package php5-gd.
(Reading database ... 42481 files and directories currently installed.)
Unpacking php5-gd (from .../php5-gd_5.4.4-12_i386.deb) ...
Selecting previously unselected package libmcrypt4.
Unpacking libmcrypt4 (from .../libmcrypt4_2.5.8-3.1_i386.deb) ...
Selecting previously unselected package php5-mcrypt.
Unpacking php5-mcrypt (from .../php5-mcrypt_5.4.4-12_i386.deb) ...
Selecting previously unselected package dbconfig-common.
Unpacking dbconfig-common (from .../dbconfig-common_1.8.47+nmu1_all.deb) ...
Selecting previously unselected package phpmyadmin.
Unpacking phpmyadmin (from .../phpmyadmin_4%3a3.4.11.1-1_all.deb) ...
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
Processing triggers for man-db ...
Processing triggers for hicolor-icon-theme ...
Setting up php5-gd (5.4.4-12) ...
Creating config file /etc/php5/mods-available/gd.ini with new version
Setting up libmcrypt4 (2.5.8-3.1) ...
Setting up php5-mcrypt (5.4.4-12) ...
----------
┌──────────────────────────────────────┤ Configuring phpmyadmin ├──────────────────────────────────────┐
│ │
│ The phpmyadmin package must have a database installed and configured before it can be used. This
│ can be optionally handled with dbconfig-common.
│ If you are an advanced database administrator and know that you want to perform this configuration
│ manually, or if your database has already been installed and configured, you should refuse this
│ option. Details on what needs to be done should most likely be provided in
│ /usr/share/doc/phpmyadmin.
│ <Ok>
│ │
└──────────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
----------
┌────────────────┤ Configuring phpmyadmin ├────────────────┐
│ │
│ Configure database for phpmyadmin with dbconfig-common? │
│ │
│ <Yes> <No> │
│ │
└──────────────────────────────────────────────────────────┘
----------
----------
┌─────────────────────────────────────┤ Configuring phpmyadmin ├─────────────────────────────────────┐
│ Please provide the password for the administrative account with which this package should create │
│ its MySQL database and user. │
│ │
│ Password of the database's administrative user: │
│ │
│ __________________________________________________________________________________________________ │
│ │
│ <Ok> <Cancel> │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
----------
┌─────────────────────────────────────┤ Configuring phpmyadmin ├─────────────────────────────────────┐
│ Please provide a password for phpmyadmin to register with the database server. If left blank, a │
│ random password will be generated. │
│ │
│ MySQL application password for phpmyadmin: │
│ │
│ __________________________________________________________________________________________________ │
│ │
│ <Ok> <Cancel> │
│ │
└────────────────────────────────────────────────────────────────────────────────────────────────────┘
----------
----------
┌────┤ Configuring phpmyadmin ├─────┐
│ │
│ │
│ Password confirmation: │
│ │
│ _________________________________ │
│ │
│ <Ok> <Cancel> │
│ │
└───────────────────────────────────┘
----------
Creating config file /etc/php5/mods-available/mcrypt.ini with new version
Setting up dbconfig-common (1.8.47+nmu1) ...
Creating config file /etc/dbconfig-common/config with new version
Processing triggers for php5-fpm ...
[ ok ] Restarting PHP5 FastCGI Process Manager: php5-fpm.
Setting up phpmyadmin (4:3.4.11.1-1) ...
dbconfig-common: writing config to /etc/dbconfig-common/phpmyadmin.conf
Creating config file /etc/dbconfig-common/phpmyadmin.conf with new version
Creating config file /etc/phpmyadmin/config-db.php with new version
granting access to database phpmyadmin for phpmyadmin@localhost: success.
verifying access for phpmyadmin@localhost: success.
creating database phpmyadmin: success.
verifying database phpmyadmin exists: success.
populating database via sql... done.
dbconfig-common: flushing administrative password
[FAIL] Reloading web server config: apache2 failed!
invoke-rc.d: initscript apache2, action "reload" failed.
?????Apache did not start properly?????
==========
fix the phpmyadmin configurations
!!!!!NOTE!!!!!
/etc/phpmyadmin/config-db.php
-based upon settings in /etc/dbconfig-common/phpmyadmin.config
-this file is automatically generated and defines the database user and database name phpmyadmin will use
/etc/dbconfig-common/phpmyadmin.conf
-supplies the username and password for /etc/phpmyadmin/config-db.php during a scripted install
!!!!!!!!!!
vi /etc/dbconfig-common/phpmyadmin.conf
(line 50)
dbc_dbadmin='admin'
-----/etc/dbconfig-common/phpmyadmin.conf-----
# automatically generated by the maintainer scripts of phpmyadmin
# any changes you make will be preserved, though your comments
# will be lost! to change your settings you should edit this
# file and then run "dpkg-reconfigure phpmyadmin"
# dbc_install: configure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_install='true'
# dbc_upgrade: upgrade database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_upgrade='true'
# dbc_remove: deconfigure database with dbconfig-common?
# set to anything but "true" to opt out of assistance
dbc_remove=''
# dbc_dbtype: type of underlying database to use
# this exists primarily to let dbconfig-common know what database
# type to use when a package supports multiple database types.
# don't change this value unless you know for certain that this
# package supports multiple database types
dbc_dbtype='mysql'
# dbc_dbuser: database user
# the name of the user who we will use to connect to the database.
dbc_dbuser='phpmyadmin'
# dbc_dbpass: database user password
# the password to use with the above username when connecting
# to a database, if one is required
dbc_dbpass='pwork'
# dbc_dbserver: database host.
# leave unset to use localhost (or a more efficient local method
# if it exists).
dbc_dbserver=''
# dbc_dbport: remote database port
# leave unset to use the default. only applicable if you are
# using a remote database.
dbc_dbport=''
# dbc_dbname: name of database
# this is the name of your application's database.
dbc_dbname='phpmyadmin'
# dbc_dbadmin: name of the administrative user
# this is the administrative user that is used to create all of the above
dbc_dbadmin='admin'
# dbc_basepath: base directory to hold database files
# leave unset to use the default. only applicable if you are
# using a local (filesystem based) database.
dbc_basepath=''
##
## postgresql specific settings. if you don't use postgresql,
## you can safely ignore all of these
##
# dbc_ssl: should we require ssl?
# set to "true" to require that connections use ssl
dbc_ssl=''
# dbc_authmethod_admin: authentication method for admin
# dbc_authmethod_user: authentication method for dbuser
# see the section titled "AUTHENTICATION METHODS" in
# /usr/share/doc/dbconfig-common/README.pgsql for more info
dbc_authmethod_admin=''
dbc_authmethod_user=''
##
## end postgresql specific settings
##
----------
-these following directives, I move into the virtual host configuration(s) of my choosing, which in this case is the system default-ssl configuration
my /etc/phpmyadmin/apache.conf is effectively blank when I am done with adding comment symbols for the moved directives
the directives are relocated into the machine's default ssh directives as above
vi /etc/phpmyadmin/apache.conf
-----/etc/phpmyadmin/apache.conf-----
# phpMyAdmin default Apache configuration
#Alias /phpmyadmin /usr/share/phpmyadmin
#<Directory /usr/share/phpmyadmin>
# Options FollowSymLinks
# DirectoryIndex index.php
# <IfModule mod_php5.c>
# AddType application/x-httpd-php .php
# php_flag magic_quotes_gpc Off
# php_flag track_vars On
# php_flag register_globals Off
# php_admin_flag allow_url_fopen Off
# php_value include_path .
# php_admin_value upload_tmp_dir /var/lib/phpmyadmin/tmp
# php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/
# </IfModule>
#</Directory>
# Authorize for setup
#<Directory /usr/share/phpmyadmin/setup>
# <IfModule mod_authn_file.c>
# AuthType Basic
# AuthName "phpMyAdmin Setup"
# AuthUserFile /etc/phpmyadmin/htpasswd.setup
# </IfModule>
# Require valid-user
#</Directory>
# Disallow web access to directories that don't need it
#<Directory /usr/share/phpmyadmin/libraries>
# Order Deny,Allow
# Deny from All
#</Directory>
#<Directory /usr/share/phpmyadmin/setup/lib>
# Order Deny,Allow
# Deny from All
#</Directory>
----------
This section is just for machines that will use self-signed SSL certificates-- which this tutorial is.
For a better no cost alternative at this time, visit StartSSL.com for a free Class 1 SSL certificate. --and if you see fit, buy something better than a Class 1 certificate from those good people.
make a backup of the default openssl settings
cp /etc/ssl/openssl.cnf /etc/ssl/openssl.cnf~
edit the /etc/ssl/openssl.cnf
vi /etc/ssl/openssl.cnf
(line 73)
default_days = 3650 # how long to certify for
(line 74)
default_crl_days= 3650 # how long before next CRL
(line 129)
countryName_default = US
(line 133)
stateOrProvinceName_default = Ohio
(line 139)
0.organizationName_default = The Rust Belt Rebellion
(line 146)
organizationalUnitName_default = Web Hosting
-----/etc/ssl/openssl.cnf-----
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = ./demoCA # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 3650 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = Ohio
localityName = Locality Name (eg, city)
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Rust Belt Rebellion
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = Web Hosting
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
emailAddress = Email Address
emailAddress_max = 64
# SET-ex3 = SET extension number 3
[ req_attributes ]
challengePassword = A challenge password
challengePassword_min = 4
challengePassword_max = 20
unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = ./demoCA # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
----------
openssl req -new -x509 -extensions v3_ca -keyout /var/www/certs/ssl-cert-snakeoil.key -out /var/www/certs/ssl-cert-snakeoil.pem -days 3650 -config /etc/ssl/openssl.cnf
=====Command Output=====
Generating a 2048 bit RSA private key
.....................................................................................................+++
..........+++
writing new private key to '/var/www/certs/ssl-cert-snakeoil.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [Ohio]:
Locality Name (eg, city) []:Shaker Heights
Organization Name (eg, company) [Rust Belt Rebellion]:
Organizational Unit Name (eg, section) [Web Hosting]:
Common Name (e.g. server FQDN or YOUR name) []:debian-wheezy.launchhouse.lan
Email Address []:
==========
remove the passphrase
mv /var/www/certs/ssl-cert-snakeoil.key /var/www/certs/ssl-cert-snakeoil.key~
openssl rsa -in /var/www/certs/ssl-cert-snakeoil.key~ -out /var/www/certs/ssl-cert-snakeoil.key
=====Command Output=====
Enter pass phrase for /var/www/certs/ssl-cert-snakeoil.key~:
writing RSA key
==========
a2ensite default-ssl
=====Output=====
Enabling site default-ssl.
To activate the new configuration, you need to run:
service apache2 reload
==========
service apache2 restart
=====Output=====
[....] Restarting web server: apache2[Sat Feb 02 01:06:26 2013] [warn] FastCGI: there is no fastcgi wrapper set, user/group options are ignored
[Sat Feb 02 01:06:26 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
... waiting .[Sat Feb 02 01:06:28 2013] [warn] FastCGI: there is no fastcgi wrapper set, user/group options are ignored
[Sat Feb 02 01:06:28 2013] [warn] NameVirtualHost *:443 has no VirtualHosts
. ok
==========
/usr/sbin/pma-configure
=====Output=====
Unsecuring phpMyAdmin installation...
Setup script can now write to the configuration file.
Do not forget to run /usr/sbin/pma-secure after configuring,
otherwise your installation might be at risk of attack.
==========
navigate to https://{hostIP}/phpmyadmin/setup in your browser
There are two places to mark SSL as required.
The first is in the 'new server wizard'
Save to exit to the Overview.
Save at the bottom as well.
The second can be found by clicking 'features' at the left and then on the security tab.
Save to exit to the Overview.
Save at the bottom as well.
!!!!!NOTE!!!!!
Those settings will be saved into:
/var/lib/phpmyadmin/config.inc.php
-empty upon a stock wheezy install
-https://host/phpmyadmin/setup is able to write to this file after running the /usr/sbin/pma-configure script.
-----/var/lib/phpmyadmin/config.inc.php-----
<?php
/*
* Generated configuration file
* Generated by: phpMyAdmin 3.4.11.1deb1 setup script
* Date: Thu, 03 Jan 2013 19:03:00 +0000
*/
/* Servers configuration */
$i = 0;
/* Server: localhost [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = '';
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['port'] = '';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['ssl'] = true;
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['compress'] = true;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['pmadb'] = 'pmadb';
$cfg['Servers'][$i]['controluser'] = 'phpmyadmin';
$cfg['Servers'][$i]['controlpass'] = 'pwork';
$cfg['Servers'][$i]['tracking_version_auto_create'] = true;
/* End of servers configuration */
$cfg['UploadDir'] = '';
$cfg['SaveDir'] = '';
$cfg['DefaultLang'] = 'en';
$cfg['ForceSSL'] = true;
$cfg['AllowUserDropDatabase'] = true;
$cfg['blowfish_secret'] = '50e48846ed2642.34479138';
$cfg['ServerDefault'] = 1;
?>
----------
There are settings dropped into /etc/phpmyadmin/config.inc.php automatically, notably all the table names for phpmyadmin and a few others.
You can look through it if you want, no changes will be made.
vi /etc/phpmyadmin/config.inc.php
Likewise for /usr/share/phpmyadmin/config.inc.php
this is the last bastion that phpmyadmin looks at for it's configuration-- this is where the things you want to have set need to be (so they overwrite undesirable settings) or be missing (so the preferred settings set elsewhere are not overwritten).
Again, you can look through it if you want, no changes will be made.
vi /usr/share/phpmyadmin/config.inc.php
/var/lib/phpmyadmin/blowfish_secret.inc.php
-just make sure the secret in here is the same as in all the other something.inc.php files if you have blowfish_secret problems.
!!!!!!!!!
/usr/sbin/pma-secure
=====Output=====
Securing phpMyAdmin installation...
Setup script won't be able to write configuration.
==========
!!!!!NOTE!!!!!
delete the phpmyadmin config directory-- you are done configuring via wide swaths, it is just fine tuning that can be done in a text editor by sysadmins now.
Meh, I'll figure out where this thing is later.
!!!!!!!!!!
mysql -uadmin -p
=====Output=====
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 65
Server version: 5.5.28-1 (Debian)
Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
==========
DELETE FROM mysql.user WHERE User='root';
=====Output=====
Query OK, 3 rows affected (0.00 sec)
==========
FLUSH PRIVILEGES;
=====Output=====
Query OK, 0 rows affected (0.00 sec)
==========
EXIT
=====Output=====
Bye
==========
install git version control
apt-get install git
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
git-man libcurl3-gnutls liberror-perl patch rsync
Suggested packages:
git-daemon-run git-daemon-sysvinit git-doc git-el git-arch git-cvs git-svn git-email git-gui gitk
gitweb ed diffutils-doc
The following NEW packages will be installed:
git git-man libcurl3-gnutls liberror-perl patch rsync
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 8,472 kB of archives.
After this operation, 16.1 MB of additional disk space will be used.
Do you want to continue [Y/n]?
Get:1 http://ftp.debian.org/debian/ wheezy/main libcurl3-gnutls i386 7.26.0-1 [327 kB]
Get:2 http://ftp.debian.org/debian/ wheezy/main patch i386 2.6.1-3 [127 kB]
Get:3 http://ftp.debian.org/debian/ wheezy/main liberror-perl all 0.17-1 [23.6 kB]
Get:4 http://ftp.debian.org/debian/ wheezy/main git-man all 1:1.7.10.4-1+wheezy1 [1,074 kB]
Get:5 http://ftp.debian.org/debian/ wheezy/main git i386 1:1.7.10.4-1+wheezy1 [6,564 kB]
Get:6 http://ftp.debian.org/debian/ wheezy/main rsync i386 3.0.9-4 [357 kB]
Fetched 8,472 kB in 4s (1,806 kB/s)
Selecting previously unselected package libcurl3-gnutls:i386.
(Reading database ... 43650 files and directories currently installed.)
Unpacking libcurl3-gnutls:i386 (from .../libcurl3-gnutls_7.26.0-1_i386.deb) ...
Selecting previously unselected package patch.
Unpacking patch (from .../patch_2.6.1-3_i386.deb) ...
Selecting previously unselected package liberror-perl.
Unpacking liberror-perl (from .../liberror-perl_0.17-1_all.deb) ...
Selecting previously unselected package git-man.
Unpacking git-man (from .../git-man_1%3a1.7.10.4-1+wheezy1_all.deb) ...
Selecting previously unselected package git.
Unpacking git (from .../git_1%3a1.7.10.4-1+wheezy1_i386.deb) ...
Selecting previously unselected package rsync.
Unpacking rsync (from .../rsync_3.0.9-4_i386.deb) ...
Processing triggers for man-db ...
Setting up libcurl3-gnutls:i386 (7.26.0-1) ...
Setting up patch (2.6.1-3) ...
Setting up liberror-perl (0.17-1) ...
Setting up git-man (1:1.7.10.4-1+wheezy1) ...
Setting up git (1:1.7.10.4-1+wheezy1) ...
Setting up rsync (3.0.9-4) ...
update-rc.d: using dependency based boot sequencing
==========
install better system administration auditing tools
apt-get install auditd
=====Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
audispd-plugins
The following NEW packages will be installed:
auditd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 355 kB of archives.
After this operation, 924 kB of additional disk space will be used.
Get:1 http://ftp.debian.org/debian/ wheezy/main auditd i386 1:1.7.18-1.1 [355 kB]
Fetched 355 kB in 1s (232 kB/s)
Selecting previously unselected package auditd.
(Reading database ... 44383 files and directories currently installed.)
Unpacking auditd (from .../auditd_1%3a1.7.18-1.1_i386.deb) ...
Processing triggers for man-db ...
Setting up auditd (1:1.7.18-1.1) ...
==========
install and configure selinux (the same level of security DoD requires for many government machines)
apt-get install selinux-basics
=====Command Output=====
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
cpp-4.4 cups-driver-gutenprint foomatic-filters-ppds libbluetooth3 libfont-freetype-perl
libgmp3c2 libgs8 libjpeg62 libnl1 libpoppler5 libsysfs2 libxcb-render-util0 libxfont1
min12xxw pnm2ppa xfonts-encodings xfonts-utils xli
Use 'apt-get autoremove' to remove them.
The following extra packages will be installed:
bwidget checkpolicy libapol4 libaudit0 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1
libdrm2 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libqpol1 libsetools-tcl libutempter0
libx11-xcb1 libxcb-glx0 libxcb-shape0 libxss1 libxtst6 libxv1 libxxf86dga1 policycoreutils
python-ipy python-selinux python-semanage python-sepolgen python-setools
selinux-policy-default selinux-utils setools tcl tcl8.5 tk tk8.5 x11-utils xbitmaps xterm
Suggested packages:
libglide3 selinux-policy-dev logcheck syslog-summary tcl-tclreadline mesa-utils
xfonts-cyrillic
The following NEW packages will be installed:
bwidget checkpolicy libapol4 libaudit0 libdrm-intel1 libdrm-nouveau1a libdrm-radeon1
libdrm2 libgl1-mesa-dri libgl1-mesa-glx libglapi-mesa libqpol1 libsetools-tcl libutempter0
libx11-xcb1 libxcb-glx0 libxcb-shape0 libxss1 libxtst6 libxv1 libxxf86dga1 policycoreutils
python-ipy python-selinux python-semanage python-sepolgen python-setools selinux-basics
selinux-policy-default selinux-utils setools tcl tcl8.5 tk tk8.5 x11-utils xbitmaps xterm
0 upgraded, 38 newly installed, 0 to remove and 0 not upgraded.
Need to get 36.9 MB of archives.
After this operation, 171 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://ftp.debian.org/debian/ testing/main libqpol1 amd64 3.3.7-3 [222 kB]
Get:2 http://ftp.debian.org/debian/ testing/main libapol4 amd64 3.3.7-3 [113 kB]
Get:3 http://ftp.debian.org/debian/ testing/main libdrm2 amd64 2.4.33-3 [444 kB]
Get:4 http://ftp.debian.org/debian/ testing/main libdrm-intel1 amd64 2.4.33-3 [478 kB]
Get:5 http://ftp.debian.org/debian/ testing/main libdrm-nouveau1a amd64 2.4.33-3 [433 kB]
Get:6 http://ftp.debian.org/debian/ testing/main libdrm-radeon1 amd64 2.4.33-3 [440 kB]
Get:7 http://ftp.debian.org/debian/ testing/main libglapi-mesa amd64 8.0.5-3 [46.6 kB]
Get:8 http://ftp.debian.org/debian/ testing/main libx11-xcb1 amd64 2:1.5.0-1 [139 kB]
Get:9 http://ftp.debian.org/debian/ testing/main libxcb-glx0 amd64 1.8.1-2 [32.1 kB]
Get:10 http://ftp.debian.org/debian/ testing/main libgl1-mesa-glx amd64 8.0.5-3 [134 kB]
Get:11 http://ftp.debian.org/debian/ testing/main libxcb-shape0 amd64 1.8.1-2 [11.0 kB]
Get:12 http://ftp.debian.org/debian/ testing/main libxss1 amd64 1:1.2.2-1 [17.5 kB]
Get:13 http://ftp.debian.org/debian/ testing/main libxtst6 amd64 2:1.2.1-1 [26.6 kB]
Get:14 http://ftp.debian.org/debian/ testing/main libxv1 amd64 2:1.0.7-1 [21.6 kB]
Get:15 http://ftp.debian.org/debian/ testing/main libxxf86dga1 amd64 2:1.1.3-2 [22.6 kB]
Get:16 http://ftp.debian.org/debian/ testing/main python-ipy all 1:0.75-1 [31.4 kB]
Get:17 http://ftp.debian.org/debian/ testing/main python-selinux amd64 2.1.9-5 [365 kB]
Get:18 http://ftp.debian.org/debian/ testing/main python-semanage amd64 2.1.6-6 [128 kB]
Get:19 http://ftp.debian.org/debian/ testing/main python-setools amd64 3.3.7-3 [511 kB]
Get:20 http://ftp.debian.org/debian/ testing/main python-sepolgen all 1.1.5-3 [77.0 kB]
Get:21 http://ftp.debian.org/debian/ testing/main libaudit0 amd64 1:1.7.18-1.1 [68.2 kB]
Get:22 http://ftp.debian.org/debian/ testing/main policycoreutils amd64 2.1.10-9 [614 kB]
Get:23 http://ftp.debian.org/debian/ testing/main tcl8.5 amd64 8.5.11-2 [1,627 kB]
Get:24 http://ftp.debian.org/debian/ testing/main tk8.5 amd64 8.5.11-2 [1,189 kB]
Get:25 http://ftp.debian.org/debian/ testing/main tcl all 8.5.0-2 [4,636 B]
Get:26 http://ftp.debian.org/debian/ testing/main tk all 8.5.0-2 [4,674 B]
Get:27 http://ftp.debian.org/debian/ testing/main bwidget all 1.9.5-1 [240 kB]
Get:28 http://ftp.debian.org/debian/ testing/main checkpolicy amd64 2.1.8-2 [287 kB]
Get:29 http://ftp.debian.org/debian/ testing/main libgl1-mesa-dri amd64 8.0.5-3 [21.8 MB]
Get:30 http://ftp.debian.org/debian/ testing/main libsetools-tcl amd64 3.3.7-3 [638 kB]
Get:31 http://ftp.debian.org/debian/ testing/main libutempter0 amd64 1.1.5-4 [8,020 B]
Get:32 http://ftp.debian.org/debian/ testing/main selinux-utils amd64 2.1.9-5 [87.3 kB]
Get:33 http://ftp.debian.org/debian/ testing/main selinux-basics all 0.5.0 [15.5 kB]
Get:34 http://ftp.debian.org/debian/ testing/main selinux-policy-default all 2:2.20110726-12 [4,302 kB]
Get:35 http://ftp.debian.org/debian/ testing/main setools amd64 3.3.7-3 [1,418 kB]
Get:36 http://ftp.debian.org/debian/ testing/main x11-utils amd64 7.7~1 [233 kB]
Get:37 http://ftp.debian.org/debian/ testing/main xbitmaps all 1.1.1-1 [31.8 kB]
Get:38 http://ftp.debian.org/debian/ testing/main xterm amd64 278-4 [613 kB]
Fetched 36.9 MB in 19s (1,855 kB/s)
Extracting templates from packages: 100%
Selecting previously unselected package libqpol1:amd64.
(Reading database ... 55095 files and directories currently installed.)
Unpacking libqpol1:amd64 (from .../libqpol1_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libapol4:amd64.
Unpacking libapol4:amd64 (from .../libapol4_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libdrm2:amd64.
Unpacking libdrm2:amd64 (from .../libdrm2_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-intel1:amd64.
Unpacking libdrm-intel1:amd64 (from .../libdrm-intel1_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-nouveau1a:amd64.
Unpacking libdrm-nouveau1a:amd64 (from .../libdrm-nouveau1a_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libdrm-radeon1:amd64.
Unpacking libdrm-radeon1:amd64 (from .../libdrm-radeon1_2.4.33-3_amd64.deb) ...
Selecting previously unselected package libglapi-mesa:amd64.
Unpacking libglapi-mesa:amd64 (from .../libglapi-mesa_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libx11-xcb1:amd64.
Unpacking libx11-xcb1:amd64 (from .../libx11-xcb1_2%3a1.5.0-1_amd64.deb) ...
Selecting previously unselected package libxcb-glx0:amd64.
Unpacking libxcb-glx0:amd64 (from .../libxcb-glx0_1.8.1-2_amd64.deb) ...
Selecting previously unselected package libgl1-mesa-glx:amd64.
Unpacking libgl1-mesa-glx:amd64 (from .../libgl1-mesa-glx_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libxcb-shape0:amd64.
Unpacking libxcb-shape0:amd64 (from .../libxcb-shape0_1.8.1-2_amd64.deb) ...
Selecting previously unselected package libxss1:amd64.
Unpacking libxss1:amd64 (from .../libxss1_1%3a1.2.2-1_amd64.deb) ...
Selecting previously unselected package libxtst6:amd64.
Unpacking libxtst6:amd64 (from .../libxtst6_2%3a1.2.1-1_amd64.deb) ...
Selecting previously unselected package libxv1:amd64.
Unpacking libxv1:amd64 (from .../libxv1_2%3a1.0.7-1_amd64.deb) ...
Selecting previously unselected package libxxf86dga1:amd64.
Unpacking libxxf86dga1:amd64 (from .../libxxf86dga1_2%3a1.1.3-2_amd64.deb) ...
Selecting previously unselected package python-ipy.
Unpacking python-ipy (from .../python-ipy_1%3a0.75-1_all.deb) ...
Selecting previously unselected package python-selinux.
Unpacking python-selinux (from .../python-selinux_2.1.9-5_amd64.deb) ...
Selecting previously unselected package python-semanage.
Unpacking python-semanage (from .../python-semanage_2.1.6-6_amd64.deb) ...
Selecting previously unselected package python-setools.
Unpacking python-setools (from .../python-setools_3.3.7-3_amd64.deb) ...
Selecting previously unselected package python-sepolgen.
Unpacking python-sepolgen (from .../python-sepolgen_1.1.5-3_all.deb) ...
Selecting previously unselected package libaudit0.
Unpacking libaudit0 (from .../libaudit0_1%3a1.7.18-1.1_amd64.deb) ...
Selecting previously unselected package policycoreutils.
Unpacking policycoreutils (from .../policycoreutils_2.1.10-9_amd64.deb) ...
Selecting previously unselected package tcl8.5.
Unpacking tcl8.5 (from .../tcl8.5_8.5.11-2_amd64.deb) ...
Selecting previously unselected package tk8.5.
Unpacking tk8.5 (from .../tk8.5_8.5.11-2_amd64.deb) ...
Selecting previously unselected package tcl.
Unpacking tcl (from .../archives/tcl_8.5.0-2_all.deb) ...
Selecting previously unselected package tk.
Unpacking tk (from .../archives/tk_8.5.0-2_all.deb) ...
Selecting previously unselected package bwidget.
Unpacking bwidget (from .../bwidget_1.9.5-1_all.deb) ...
Selecting previously unselected package checkpolicy.
Unpacking checkpolicy (from .../checkpolicy_2.1.8-2_amd64.deb) ...
Selecting previously unselected package libgl1-mesa-dri:amd64.
Unpacking libgl1-mesa-dri:amd64 (from .../libgl1-mesa-dri_8.0.5-3_amd64.deb) ...
Selecting previously unselected package libsetools-tcl.
Unpacking libsetools-tcl (from .../libsetools-tcl_3.3.7-3_amd64.deb) ...
Selecting previously unselected package libutempter0.
Unpacking libutempter0 (from .../libutempter0_1.1.5-4_amd64.deb) ...
Selecting previously unselected package selinux-utils.
Unpacking selinux-utils (from .../selinux-utils_2.1.9-5_amd64.deb) ...
Selecting previously unselected package selinux-basics.
Unpacking selinux-basics (from .../selinux-basics_0.5.0_all.deb) ...
Selecting previously unselected package selinux-policy-default.
Unpacking selinux-policy-default (from .../selinux-policy-default_2%3a2.20110726-12_all.deb) ...
Selecting previously unselected package setools.
Unpacking setools (from .../setools_3.3.7-3_amd64.deb) ...
Selecting previously unselected package x11-utils.
Unpacking x11-utils (from .../x11-utils_7.7~1_amd64.deb) ...
Selecting previously unselected package xbitmaps.
Unpacking xbitmaps (from .../xbitmaps_1.1.1-1_all.deb) ...
Selecting previously unselected package xterm.
Unpacking xterm (from .../archives/xterm_278-4_amd64.deb) ...
Processing triggers for man-db ...
Setting up libqpol1:amd64 (3.3.7-3) ...
Setting up libapol4:amd64 (3.3.7-3) ...
Setting up libdrm2:amd64 (2.4.33-3) ...
Setting up libdrm-intel1:amd64 (2.4.33-3) ...
Setting up libdrm-nouveau1a:amd64 (2.4.33-3) ...
Setting up libdrm-radeon1:amd64 (2.4.33-3) ...
Setting up libglapi-mesa:amd64 (8.0.5-3) ...
Setting up libx11-xcb1:amd64 (2:1.5.0-1) ...
Setting up libxcb-glx0:amd64 (1.8.1-2) ...
Setting up libgl1-mesa-glx:amd64 (8.0.5-3) ...
Setting up libxcb-shape0:amd64 (1.8.1-2) ...
Setting up libxss1:amd64 (1:1.2.2-1) ...
Setting up libxtst6:amd64 (2:1.2.1-1) ...
Setting up libxv1:amd64 (2:1.0.7-1) ...
Setting up libxxf86dga1:amd64 (2:1.1.3-2) ...
Setting up python-ipy (1:0.75-1) ...
Setting up python-selinux (2.1.9-5) ...
Setting up python-semanage (2.1.6-6) ...
Setting up python-setools (3.3.7-3) ...
Setting up python-sepolgen (1.1.5-3) ...
Setting up libaudit0 (1:1.7.18-1.1) ...
Setting up policycoreutils (2.1.10-9) ...
Setting up tcl8.5 (8.5.11-2) ...
update-alternatives: using /usr/bin/tclsh8.5 to provide /usr/bin/tclsh (tclsh) in auto mode
Setting up tk8.5 (8.5.11-2) ...
update-alternatives: using /usr/bin/wish8.5 to provide /usr/bin/wish (wish) in auto mode
Setting up tcl (8.5.0-2) ...
update-alternatives: using /usr/bin/tclsh-default to provide /usr/bin/tclsh (tclsh) in auto mode
Setting up tk (8.5.0-2) ...
update-alternatives: using /usr/bin/wish-default to provide /usr/bin/wish (wish) in auto mode
Setting up bwidget (1.9.5-1) ...
Setting up checkpolicy (2.1.8-2) ...
Setting up libgl1-mesa-dri:amd64 (8.0.5-3) ...
Setting up libsetools-tcl (3.3.7-3) ...
Setting up libutempter0 (1.1.5-4) ...
Creating utempter group...
Setting up selinux-utils (2.1.9-5) ...
Setting up selinux-basics (0.5.0) ...
Generating grub.cfg ...
Found linux image: /boot/vmlinuz-3.2.0-4-amd64
Found initrd image: /boot/initrd.img-3.2.0-4-amd64
Found linux image: /boot/vmlinuz-2.6.32-5-amd64
Found initrd image: /boot/initrd.img-2.6.32-5-amd64
done
Setting up selinux-policy-default (2:2.20110726-12) ...
Notice: Trying to link (but not load) a default policy.
This process may fail -- you should check the results, and
you need to switch to this policy yourself anyway.
Locating modules
Ordering modules based on dependencies
Selecting modules based on installed packages
Loaded modules apache dbus netutils ssh devicekit lpd cups remotelogin telnet xserver xscreensaver exim apm avahi cpufreqselector pythonsupport rpc dmidecode mysql policykit portmap vbetool tcpd ftp screen dhcp consolekit lvm lda tzdata rpcbind bluetooth gpg ptchown usbmodules java pcmcia
Setting up setools (3.3.7-3) ...
Setting up x11-utils (7.7~1) ...
Setting up xbitmaps (1.1.1-1) ...cd
Setting up xterm (278-4) ...
update-alternatives: using /usr/bin/xterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/uxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
update-alternatives: using /usr/bin/lxterm to provide /usr/bin/x-terminal-emulator (x-terminal-emulator) in auto mode
==========
selinux-activate
=====Output=====
Activating SE Linux
SE Linux is activated. You may need to reboot now.
==========
reboot in linode dashboard
=====Output=====
?????Do this in a bona fide machine or VM?????
??????????
==========
Be prepared for all kinds of hands off time while the machine does stuff and reboots itself.
How did things shake out?
check-selinux-installation
=====Output=====
getfilecon: getfilecon(/proc/1) failed
SELinux is not enabled.
Could not read the domain of PID 1.
Old style ttys were found. --
/etc/pam.d/login is not SELinux enabled --
FSCKFIX is not enabled - not serious, but could prevent system from booting... --
==========
Fix the domain of PID 1 error lines
vi /etc/udev/udev.conf
---------
# The initial syslog(3) priority: "err", "info", "debug" or its
# numerical equivalent. For runtime debugging, the daemons internal
# state can be changed with: "udevadm control --log-priority=<value>".
#
# udevd is started in the initramfs, so when this file is modified the
# initramfs should be rebuilt.
udev_log="err"
no_static_dev="1"
----------
update-initramfs -k all -u
!!!!!NOTE!!!!!
Linode now requires a custom kernel inside the linode.
!!!!!!!!!!
remove old style ttys
rm /dev/pty*
rm /dev/tty*
comment the first folowing line towards the bottom of the file and add the second line beneath it
#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session required pam_selinux.so multiple
vi /etc/pam.d/login
=====/etc/pam.d/login=====
#
# The PAM configuration file for the Shadow `login' service
#
# Enforce a minimal delay in case of failure (in microseconds).
# (Replaces the `FAIL_DELAY' setting from login.defs)
# Note that other modules may require another minimal delay. (for example,
# to disable any delay, you should add the nodelay option to pam_unix)
auth optional pam_faildelay.so delay=3000000
# Outputs an issue file prior to each login prompt (Replaces the
# ISSUE_FILE option from login.defs). Uncomment for use
# auth required pam_issue.so issue=/etc/issue
# Disallows root logins except on tty's listed in /etc/securetty
# (Replaces the `CONSOLE' setting from login.defs)
#
# With the default control of this module:
# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die]
# root will not be prompted for a password on insecure lines.
# if an invalid username is entered, a password is prompted (but login
# will eventually be rejected)
#
# You can change it to a "requisite" module if you think root may mis-type
# her login and should not be prompted for a password in that case. But
# this will leave the system as vulnerable to user enumeration attacks.
#
# You can change it to a "required" module if you think it permits to
# guess valid user names of your system (invalid user names are considered
# as possibly being root on insecure lines), but root passwords may be
# communicated over insecure lines.
auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so
# Disallows other than root logins when /etc/nologin exists
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
# SELinux needs to be the first session rule. This ensures that any
# lingering context has been cleared. Without out this it is possible
# that a module could execute code in the wrong domain.
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
#
# parsing /etc/environment needs "readenv=1"
session required pam_env.so readenv=1
# locale variables are also kept into /etc/default/locale in etch
# reading this file *in addition to /etc/environment* does not hurt
session required pam_env.so readenv=1 envfile=/etc/default/locale
# Standard Un*x authentication.
@include common-auth
# This allows certain extra groups to be granted to a user
# based on things like time of day, tty, service, and user.
# Please edit /etc/security/group.conf to fit your needs
# (Replaces the `CONSOLE_GROUPS' option in login.defs)
auth optional pam_group.so
# Uncomment and edit /etc/security/time.conf if you need to set
# time restrainst on logins.
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
# as well as /etc/porttime)
# account requisite pam_time.so
# Uncomment and edit /etc/security/access.conf if you need to
# set access limits.
# (Replaces /etc/login.access file)
# account required pam_access.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
# Prints the last login info upon succesful login
# (Replaces the `LASTLOG_ENAB' option from login.defs)
session optional pam_lastlog.so
# Prints the message of the day upon succesful login.
# (Replaces the `MOTD_FILE' option in login.defs)
# This includes a dynamically generated part from /run/motd.dynamic
# and a static (admin-editable) part from /etc/motd.
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so
# Prints the status of the user's mailbox upon succesful login
# (Replaces the `MAIL_CHECK_ENAB' option from login.defs).
#
# This also defines the MAIL environment variable
# However, userdel also needs MAIL_DIR and MAIL_FILE variables
# in /etc/login.defs to make sure that removing a user
# also removes the user's mail spool file.
# See comments in /etc/login.defs
session optional pam_mail.so standard
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
# SELinux needs to intervene at login time to ensure that the process
# starts in the proper default security context. Only sessions which are
# intended to run in the user's context should be run after this.
#session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session required pam_selinux.so multiple
# When the module is present, "required" would be sufficient (When SELinux
# is disabled, this returns success.)
==========
set FIXFSCK in /etc/default/rcS
vi /etc/default/rcS
-----/etc/default/rcS-----
# /etc/default/rcS
#
# Default settings for the scripts in /etc/rcS.d/
#
# For information about these variables see the rcS(5) manual page.
#
# This file belongs to the "initscripts" package.
TMPTIME=0
SULOGIN=no
DELAYLOGIN=yes
UTC=yes
VERBOSE=no
FSCKFIX=yes
#RAMRUN=no # OBSOLETE; see /etc/default/tmpfs and tmpfs(5).
#RAMLOCK=no # OBSOLETE; see /etc/default/tmpfs and tmpfs(5).
---------
reboot in linode console
check-selinux-installation
=====Output=====
==========
!!!!!NOTE!!!!!
At this point, the base configuration is complete
!!!!!!!!!!
add a user
adduser username
=====Output=====
==========
give user restricted shell access
usermod -s /usr/bin/rssh username
!!!!!NOTES!!!!!
the six boolean digit string is for these permissions in order
rsync
rdist
cvs
sftp
scp
svnserve
user="username:770:000100:/home/username"
!!!!!!!!!!
restrict access to resources via the apache httpd php module in the /etc/php5/fpm/pool.d/username.conf
cp /etc/php5/fpm/pool.d/default.conf /etc/php5/fpm/pool.d/username.conf
vi /etc/php5/fpm/pool.d/username.conf
-----/etc/php5/fpm/pool.d/username.conf-----
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[username]
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = username
group = username
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /home/username/.sockets/username.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0666
;listen.owner = username
;listen.group = username
;listen.mode = 0666
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = ondemand
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
;pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
;pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
;request_terminate_timeout = 0
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
;chdir = /
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
;catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
----------
set up directory structure
mkdir /home/username/hostname.tld/ /home/username/hostname.tld/http /home/username/hostname.tld/https /home/username/hostname.tld/logs /home/username/hostname.tld/certs /home/username/hostname.tld/tmp /home/username/hostname.tld/.sockets /home/username/hostname.tld/fonts
cp -R /usr/share/fonts/* /home/username/hostname.tld/fonts
change the ownership and access permissions
chown -R username:username /home/username/
chmod -R 770 /home/username/username/
find /home -type d -exec chmod 771 {} \;
chmod -R ug+s /home/username/
create sites available for the new websites
vi /etc/apache2/sites-available/hostname.tld
-----/etc/apache2/sites-available/hostname.tld-----
<VirtualHost *:80>
DocumentRoot /home/username/hostname.tld/http
ServerName hostname.tld
<Directory /home/username/hostname.tld/http/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/username-imaginary-file -socket /home/username/.sockets/username.sock -user username -group username -pass-header Authorization
Alias /fcgi-bin /tmp/username-imaginary-file
LogLevel warn
ErrorLog /home/username/hostname.tld/logs/error.log
CustomLog /home/username/hostname.tld/logs/access.log combined
</VirtualHost>
-----
likewise modify your hostname.tld-ssl virtual host configuration
vi /etc/apache2/sites-available/hostname.tld-ssl
-----/etc/apache2/sites-available/hostname.tld-ssl-----
<IfModule mod_ssl.c>
<VirtualHost *:443>
DocumentRoot /home/username/hostname.tld/https
ServerName hostname.tld
<Directory /home/username/hostname.tld/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
<Directory /fcgi-bin/>
Order allow,deny
Allow from all
</Directory>
FastCgiExternalServer /tmp/username-ssl-imaginary-file -socket /home/username/.sockets/username.sock -user username -group username
Alias /fcgi-bin /tmp/username-ssl-imaginary-file
LogLevel warn
ErrorLog /home/username/hostname.tld/logs/error-ssl.log
CustomLog /home/username/hostname.tld/logs/access-ssl.log combined
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /home/username/hostname.tld/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /home/username/hostname.tld/certs/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /home/username/hostname.tld/certs/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /home/username/hostname.tld/certs/
#SSLCACertificateFile /home/username/hostname.tld/certs/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /home/username/hostname.tld/certs/
#SSLCARevocationFile /home/username/hostname.tld/certs/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.php$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
----------
enable the website
create self-signed certificate
openssl req -new -x509 -extensions v3_ca -keyout /home/username/hostname.tld/certs/ssl-cert-snakeoil.key -out /home/username/hostname.tld/certs/ssl-cert-snakeoil.pem -days 3650 -config /etc/ssl/openssl.cnf
=====Output=====
==========
remove the passphrase
mv /home/username/hostname.tld/certs/ssl-cert-snakeoil.key /home/username/hostname.tld/certs/ssl-cert-snakeoil.key~
openssl rsa -in /home/username/hostname.tld/certs/ssl-cert-snakeoil.key~ -out /home/username/hostname.tld/certs/ssl-cert-snakeoil.key
=====Output=====
==========
a2ensite hostname.tld-ssl
=====Output=====
==========
mysql -uadmin -p
CREATE DATABASE username;
Give your user access via both of the most common ways to log in to the database for a logged in user
GRANT ALL PRIVILEGES ON username.* TO 'username'@'localhost' IDENTIFIED BY 'pwork';
GRANT ALL PRIVILEGES ON username.* TO 'username'@'127.0.0.1' IDENTIFIED BY 'pwork';
Assuming your host has a fixed IP, you may also give access for that
GRANT ALL PRIVILEGES ON username.* TO 'username'@'YOU.R H.OST.IP' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT
Turn off 'bad' php commands like exec for some if not all users.
vi /var/www/http/index.php
-----/var/www/http/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://default-site</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "admin";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="http://debian-wheezy.launchhouse.lan/page.php">
</iframe>
</div>
<a href="https://debian-wheezy.launchhouse.lan/">Default HTTPS VirtualHost</a>
</body>
</html>
----------
vi /var/www/http/page.php
-----/var/www/http/page.php-----
<?php
include './phpinfo.php';
?>
----------
vi /var/www/http/phpinfo.php
-----/var/www/http/phpinfo.php-----
<?php
phpinfo();
?>
----------
vi /var/www/http/image.php
-----/var/www/http/image.php-----
<?php
/* Set width and height in proportion of genuine PHP logo */
$width = 400;
$height = 210;
/* Create an Imagick object with transparent canvas */
$img = new Imagick();
$img->newImage($width, $height, new ImagickPixel('transparent'));
/* New ImagickDraw instance for ellipse draw */
$draw = new ImagickDraw();
/* Set purple fill color for ellipse */
$draw->setFillColor('#777bb4');
/* Set ellipse dimensions */
$draw->ellipse($width / 2, $height / 2, $width / 2, $height / 2, 0, 360);
/* Draw ellipse onto the canvas */
$img->drawImage($draw);
/* Reset fill color from purple to black for text (note: we are reusing ImagickDraw object) */
$draw->setFillColor('black');
/* Set stroke border to white color */
$draw->setStrokeColor('white');
/* Set stroke border thickness */
$draw->setStrokeWidth(2);
/* Set font kerning (negative value means that letters are closer to each other) */
$draw->setTextKerning(-8);
/* Set font and font size used in PHP logo */
$draw->setFont('../fonts/truetype/msttcorefonts/arial.ttf');
$draw->setFontSize(150);
/* Center text horizontally and vertically */
$draw->setGravity(Imagick::GRAVITY_CENTER);
/* Add center "php" with Y offset of -10 to canvas (inside ellipse) */
$img->annotateImage($draw, 0, -10, 0, 'php');
$img->setImageFormat('png');
/* Set appropriate header for PNG and output the image */
header('Content-Type: image/png');
echo $img;
?>
----------
cp /var/www/http/phpinfo.php /var/www/https/phpinfo.php
cp /var/www/http/page.php /var/www/https/page.php
cp /var/www/http/image.php /var/www/https/image.php
vi /var/www/https/index.php
------/var/www/https/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://default-ssl-site</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "admin";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="https:debian-wheezy.launchhouse.lan/page.php">
</iframe>
</div>
<a href="http://hostname.tld/">hostname.tld HTTP VirtualHost</a>
</body>
</html>
----------
cp /var/www/http/phpinfo.php /home/username/hostname.tld/http/phpinfo.php
cp /var/www/http/page.php /home/username/hostname.tld/http/page.php
cp /var/www/http/image.php /home/username/hostname.tld/http/image.php
vi /home/username/hostname.tld/http/index.php
-----/home/username/hostname.tld/http/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>http://hostname.tld</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "username";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="http://hostname.tld/page.php">
</iframe>
</div>
<a href="https://hostname.tld/">hostname.tld HTTPS VirtualHost</a>
</body>
</html>
----------
cp /var/www/http/phpinfo.php /home/username/hostname.tld/https/phpinfo.php
cp /var/www/http/page.php /home/username/hostname.tld/https/page.php
cp /var/www/http/image.php /home/username/hostname.tld/https/image.php
vi /home/username/hostname.tld/https/index.php
-----/home/username/hostname.tld/https/index.php-----
<html>
<head>
<title>Test Page</title>
</head>
<body>
<h1>https://hostname.tld-ssl</h1>
<div id="database">
<h2>Database via PDO</h2>
<?php
$hostname = "localhost";
$username = "username";
$password = "pwork";
try {
$dbh = new PDO("mysql:host=$hostname;dbname=username", $username, $password);
echo "Connected to database\n"; // check for connection
}
catch(PDOException $e)
{
echo $e->getMessage() . "\n";
}
?>
</div>
<div id="image">
<h2>Image Stuff</h2>
<image src="image.php" />
</div>
<div id="phpinfo">
<h2>PHP info</h2>
<iframe src="https://hostname.tld/page.php">
</iframe>
</div>
<a href="http://hostname.tld/fail.php/">This page should fail per php-fpm username user scope, outside of username.conf pool permissions.</a>
</body>
</html>
----------
vi /home/username/hostname.tld/https/fail.php
-----/home/username/hostname.tld/https/fail.php-----
<?php
include '/var/www/phpinfo.php';
?>
----------
Let's do a quick reset of owners and permissions
chown -R www-data:www-data /var/www/
chmod -R 770 /var/www
find /var/www -type d -exec chmod 771 {} \;
chmod -R ug+s /var/www
chown -R username:username /home/username/
chmod -R 770 /home/username/
find /home -type d -exec chmod 771 {} \;
chmod -R ug+s /home/username/
mkdir /etc/selinux/audit2allow
THIS IS A LOOP POINT
Run through the websites.
tail /var/log/audit/audit.log
=====Output=====
==========
bypass loop if no more errors
cp /var/log/audit/audit.log /etc/selinux/audit2allow/audit##.log
cat /etc/selinux/audit2allow/audit##.log | audit2allow -m local > /etc/selinux/audit2allow/local##.te
=====Output=====
==========
checkmodule -M -m -o /etc/selinux/audit2allow/local##.mod /etc/selinux/audit2allow/local##.te
=====Output=====
checkmodule: loading policy configuration from local##.te
checkmodule: policy configuration loaded
checkmodule: writing binary representation (version 14) to local##.mod
==========
semodule_package -o /etc/selinux/audit2allow/local##.pp -m /etc/selinux/audit2allow/local##.mod
=====Output=====
==========
semodule -i /etc/selinux/audit2allow/local##.pp
=====Output=====
==========
Delete /var/log/audit/audit.log entries.
Reboot
LOOP
Look at the SELinux mess you made.
Evaluate if the automatic rules are too broad or not.
Google until your eyes bleed to fix them.
Change selinux from permissive to enforcing.
If needed, you may need to go from enforcing back to permissive while you come up with a plan.
!!!!!NOTES!!!!!
If it isn't in the reach of the user via the pool restrictions placed on the httpd process-- a php-fpm host can't access it. --for an example see the accessible 'fonts' directories along side the webroot directories and the non-accessible resources they are symlinked to (soft linked, whatever).
Turn off 'bad' php commands like exec for some if not all users.
The techniques used in the audit2allow cycles compromise the security of the system.
Use those SELinux tools as a foundation and modify the automatically generated policies that may clear a broad swath for a more fine grained rule.
Consider turning off the apache apc cache. Could get super annoying during dev work.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment