PHP 5.3.3 with FPM, Suhosin and APC

Doing some tests I compiled from sources php 5.3.3 with the new suhosin patch and latest apc on Ubuntu 10.04. I did this waiting for the official packages to be available in the Ubuntu repositories. It works great and I discovered something: the memory consumption is lower (including the committed memory) even though the compiled modules are the same as those installed through apt. Can someone explain this? Is there a difference between the loading of libraries in an apt install versus a manual compilation of the sources?

5 Replies

Maybe you didn't compile in all the same extensions.

This is my apt install from your php-fpm repo:

apt-get install php-pear php5-cgi php5-fpm php5-cli php5-common php5-curl php5-mysql php5-suhosin php-apc php5-gd

And this is my configure script:

./configure \
    --with-config-file-path=/usr/local/lib/php \
    --with-curl \
    --with-pear \
    --with-gd \
    --with-jpeg-dir \
    --with-png-dir \
    --with-zlib \
    --with-xpm-dir \
    --with-freetype-dir \
    --with-t1lib \
    --with-mcrypt \
    --with-mhash \
    --with-mysql \
    --with-mysqli \
    --with-pdo-mysql \
    --with-openssl \
    --with-xmlrpc \
    --with-xsl \
    --with-bz2 \
    --with-gettext \
    --with-fpm-user=www-data \
    --with-fpm-group=www-data \
    --enable-fpm \
    --enable-exif \
    --enable-wddx \
    --enable-zip \
    --enable-bcmath \
    --enable-calendar \
    --enable-ftp \
    --enable-mbstring \
    --enable-soap \
    --enable-sockets \
    --enable-sqlite-utf8 \
    --enable-shmop \
    --enable-dba \
    --enable-sysvmsg \
    --enable-sysvsem \
    --enable-sysvshm

They look the same to me.

And the munin graph:

~~![](<URL url=)http://cdnv.info/stuff/memory-week.png" />

From the 19th to 23rd is a normal apt install, with 5 children spawned, from 23rd to 25th is compiled from sources with 5 children, and from 25th till present source compiled with 10 children spawned. The jigsaw look is due to the many compiles and stress tests. Normally it is very clean linear graph.~~

These are the switches I use, taken from the official Ubuntu package:

                --build=$(DEB_BUILD_GNU_TYPE) \
                --host=$(DEB_HOST_GNU_TYPE) \
                --sysconfdir=/etc \
                --mandir=/usr/share/man \
                --disable-debug \
                --with-regex=php \
                --disable-rpath \
                --disable-static \
                --with-pic \
                --with-layout=GNU \
                --with-pear=/usr/share/php \
                --enable-calendar \
                --enable-sysvsem \
                --enable-sysvshm \
                --enable-sysvmsg \
                --enable-bcmath \
                --with-bz2 \
                --enable-ctype \
                --with-db4 \
                --without-gdbm \
                --with-iconv \
                --enable-exif \
                --enable-ftp \
                --with-gettext \
                --enable-mbstring \
                --with-pcre-regex=/usr \
                --enable-shmop \
                --enable-sockets \
                --enable-wddx \
                --with-libxml-dir=/usr \
                --with-zlib \
                --with-kerberos=/usr \
                --with-openssl=/usr \
                --enable-soap \
                --enable-zip \
                --with-mhash=yes \
                --with-exec-dir=/usr/lib/php5/libexec \
                --with-system-tzdata
                --with-config-file-path=/etc/php5/fpm \
                --with-config-file-scan-dir=/etc/php5/fpm/conf.d \
                --sysconfdir=/etc/php5/fpm \
                --localstatedir=/var \
                --enable-fpm \
                --with-libevent-dir=/usr \
                --with-fpm-user=www-data --with-fpm-group=www-data

This is a list of patches applied, also copied from the Ubuntu official package:

001-libtool_fixes.patch
002-static_openssl.patch
004-ldap_fix.patch
006-debian_quirks.patch
libtool2.2.patch
013-force_getaddrinfo.patch
017-pread_pwrite_disable.patch
019-z_off_t_as_long.patch
029-php.ini_paranoid.patch
033-we_WANT_libtool.patch
034-apache2_umask_fix.patch
036-fd_setsize_fix.patch
043-recode_size_t.patch
044-strtod_arm_fix.patch
045-exif_nesting_level.patch
047-zts_with_dl.patch
052-phpinfo_no_configure.patch
053-extension_api.patch
057-no_apache_installed.patch
100-recode_is_shared.patch
101-sqlite_is_shared.patch
108-64_bit_datetime.patch
112-proc_open.patch
113-php.ini_securitynotes.patch
115-autoconf_ftbfs.patch
116-posixness_fix.patch
libdb_is_-ldb
page_size_fixes.patch
suhosin.patch
fix_broken_upstream_tests.patch
use_embedded_timezonedb.patch
force_libmysqlclient_r.patch
bad_whatis_entries.patch
gentoo/009_ob-memory-leaks.patch
mssql-null-exception.patch
sybase-alias.patch
strcmp_null-OnUpdateErrorLog.patch
#deprecate_short_open_tag
unaligned_memory_access.patch
fix_broken_5.3_tests.patch
dont-gitclean-in-build.patch
broken_5.3_test-posix_uname.patch
shtool_mkdir_-p_-race-condition.patch
qdbm-is-usr_include_qdbm.patch
filter_validate_int.patch
zend_int_overflow.patch
fix_var_dump_64bit.phpt.patch
use_embedded_timezonedb_fixes.patch
fix_broken_sha2_test.patch
php_crypt_revamped.patch
fix_broken_locale_tests.patch
fix_broken_gd_bundled-specific_tests.patch
CVE-2010-0397.patch
enchant_unaligned_memory_access.patch
fix-mysql-badmem.patch
session_save_path.patch

So there might be some differences.

Thank you for this complete response. I completely forgot about all the patches involved in an official release. So the next question will be, when do you plan on releasing the newer version :D (just kidding)

Tracking the official package is easiest for me and safest. It's all tested and configured by the official maintainers and if a security patch is released the Ubuntu guys take care of it and I just add back in the sapi/fpm.

So sticking with 5.3.2 is the most stable solution for now.

I'll probably create a testing repo and try it some time though.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct