-rw-r--r--manifests/apc.pp4
-rw-r--r--manifests/config.pp8
-rw-r--r--manifests/fpm.pp6
-rw-r--r--manifests/init.pp4
-rw-r--r--manifests/params.pp12
-rw-r--r--manifests/series5.pp3
-rw-r--r--manifests/series7.pp3
-rw-r--r--manifests/series8.pp77
-rw-r--r--manifests/series8/defaults.pp7
-rw-r--r--manifests/series8/hardened.pp19
-rw-r--r--manifests/series8/packages.pp24
11 files changed, 159 insertions, 8 deletions
diff --git a/manifests/apc.pp b/manifests/apc.pp
index 70b17eb..8965857 100644
--- a/manifests/apc.pp
+++ b/manifests/apc.pp
@@ -4,10 +4,12 @@ class php::apc(
$fpm = $::php::fpm
$version5 = $::php::params::version5
$version7 = $::php::params::version7
+ $version8 = $::php::params::version8
$series = $::php::series
$services_version_5 = regsubst($series, '^5$', $version5)
$services_version_7 = regsubst($services_version_5, '^7$', $version7)
- $services_name = regsubst($services_version_7, '^', 'php')
+ $services_version_8 = regsubst($services_version_7, '^8$', $version8)
+ $services_name = regsubst($services_version_8, '^', 'php')
$services = regsubst($services_name, '$', '-fpm')
package { [ 'php-apcu', 'php-apcu-bc' ]:
diff --git a/manifests/config.pp b/manifests/config.pp
index e4d143e..ed35153 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -1,12 +1,16 @@
-define php::config($series = '5', $order = '20', $param = $name, $value, $ensure = 'present', $sapi = 'apache2') {
+define php::config($series = '8', $order = '20', $param = $name, $value, $ensure = 'present', $sapi = 'apache2') {
if $series == '5' {
$version = $::php::series5::version
$folder = $::php::series5::folder
}
- else {
+ elsif $series == '7' {
$version = $::php::series7::version
$folder = $::php::series7::folder
}
+ else {
+ $version = $::php::series8::version
+ $folder = $::php::series8::folder
+ }
file { "${folder}/${sapi}/conf.d/${order}-${param}.ini":
ensure => $ensure,
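Review bot: The final `else` in `php::config` now sends every `$series` value other than '5' and '7' to the series8 paths, so a mistyped or unsupported series silently writes its ini file under the PHP 8 tree instead of failing. Because the default also moved from '5' to '8', any existing `php::config` call that omitted `series` changes target without a catalog error, which matters for hardening settings a caller believes are applied to PHP 5. Matching explicitly with `elsif $series == '8' {` and ending with `else { fail("php::config: unsupported series '${series}'") }` would make that visible. The same catch-all `else` is added to `php::fpm` in manifests/fpm.pp. Both definitions continue outside their hunks.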
diff --git a/manifests/fpm.pp b/manifests/fpm.pp
index 497dc07..c4d5fc8 100644
--- a/manifests/fpm.pp
+++ b/manifests/fpm.pp
@@ -6,10 +6,14 @@ define php::fpm(
$version = $::php::params::version5
$folder = $::php::series5::folder
}
- else {
+ elsif $series == '7' {
$version = $::php::params::version7
$folder = $::php::series7::folder
}
+ else {
+ $version = $::php::params::version8
+ $folder = $::php::series8::folder
+ }
package { "php${version}-fpm":
ensure => $ensure,
diff --git a/manifests/init.pp b/manifests/init.pp
index 148c069..f170ae5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -17,12 +17,12 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class php(
- $series = [ '5', '7' ],
+ $series = [ '5', '7', '8' ],
$hardened = true,
$apc = absent,
$fpm = absent,
$manage_mod_php = false,
- $default_cli = '7'
+ $default_cli = '8'
) {
include php::params
diff --git a/manifests/params.pp b/manifests/params.pp
index 07f4ad1..76e2ec6 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -1,5 +1,16 @@
class php::params {
+ $version8 = $::lsbdistcodename ? {
+ 'bookworm' => '8.3',
+ default => '8.3',
+ }
+
+ $version8_previous = $::lsbdistcodename ? {
+ 'bookworm' => [ '8.2', '8.1', '8.0' ],
+ default => [ '8.2', '8.1', '8.0' ],
+ }
+
$version7 = $::lsbdistcodename ? {
+ 'bookworm' => '7.4',
'bullseye' => '7.4',
'buster' => '7.4',
'stretch' => '7.4',
@@ -7,6 +18,7 @@ class php::params {
}
$version7_previous = $::lsbdistcodename ? {
+ 'bookworm' => [ '7.3', '7.2', '7.1', '7.0' ],
'bullseye' => [ '7.3', '7.2', '7.1', '7.0' ],
'buster' => [ '7.3', '7.2', '7.1', '7.0' ],
'stretch' => [ '7.3', '7.2', '7.1', '7.0' ],
diff --git a/manifests/series5.pp b/manifests/series5.pp
index 17e1059..8a9149c 100644
--- a/manifests/series5.pp
+++ b/manifests/series5.pp
@@ -79,6 +79,7 @@ class php::series5(
# The needed apache modules
if $manage_mod_php == '5' {
$version7 = $::php::params::version7
+ $version8 = $::php::params::version8
apache::module { "php${version}":
ensure => present,
@@ -96,7 +97,7 @@ class php::series5(
require => Package["libapache2-mod-php${version}"],
}
- apache::module { "php8.0":
+ apache::module { "php${version8}":
ensure => absent,
require => Package["libapache2-mod-php${version}"],
}
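Review bot: Replacing the literal `php8.0` with `php${version8}` means only the current 8.x module (8.3 per params.pp) is forced absent when mod_php is pinned to series 5; `php8.0`, `php8.1` and `php8.2` are no longer covered here. series8.pp iterates `$::php::params::version8_previous` for this, so doing the same in this block, `$::php::params::version8_previous.each |$item| { apache::module { "php${item}": ensure => absent } }`, would keep an older 8.x module from staying loaded next to the pinned one. manifests/series7.pp gets the identical change and has the same gap. The `if $manage_mod_php == '5'` block starts and ends outside the visible hunks, so an existing loop elsewhere in the file cannot be ruled out.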
diff --git a/manifests/series7.pp b/manifests/series7.pp
index dce3a89..bc3a4b1 100644
--- a/manifests/series7.pp
+++ b/manifests/series7.pp
@@ -37,6 +37,7 @@ class php::series7(
# The right apache module
if $manage_mod_php == '7' {
$version5 = $::php::params::version5
+ $version8 = $::php::params::version8
$::php::params::version7_previous.each |$item| {
apache::module { "php${item}":
@@ -54,7 +55,7 @@ class php::series7(
require => Package["libapache2-mod-php${version}"],
}
- apache::module { "php8.0":
+ apache::module { "php${version8}":
ensure => absent,
require => Package["libapache2-mod-php${version}"],
}
diff --git a/manifests/series8.pp b/manifests/series8.pp
new file mode 100644
index 0000000..00192ea
--- /dev/null
+++ b/manifests/series8.pp
@@ -0,0 +1,77 @@
+class php::series8(
+ $hardened = true,
+ $manage_mod_php = false,
+) {
+ case $::lsbdistcodename {
+ 'xenial': {
+ include php::ppa
+ }
+ 'trusty': {
+ include php::ppa
+ }
+ 'bookworm': {
+ include php::dpa
+ }
+ 'bullseye': {
+ include php::dpa
+ }
+ 'stretch': {
+ include php::dpa
+ }
+ 'buster': {
+ include php::dpa
+ }
+ }
+
+ $version = $::php::params::version8
+ $folder = "/etc/php/${version}"
+
+ include php::series8::packages
+ include php::resources
+ include php::series8::defaults
+
+ if $hardened == true {
+ include php::series8::hardened
+ }
+
+ # The right apache module
+ if $manage_mod_php == '8' {
+ $version5 = $::php::params::version5
+ $version7 = $::php::params::version7
+
+ $::php::params::version7_previous.each |$item| {
+ apache::module { "php${item}":
+ ensure => absent,
+ }
+ }
+
+ $::php::params::version8_previous.each |$item| {
+ apache::module { "php${item}":
+ ensure => absent,
+ }
+ }
+
+ apache::module { "php${version5}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
+
+ apache::module { "php${version7}":
+ ensure => absent,
+ require => Package["libapache2-mod-php${version}"],
+ }
+
+ apache::module { "php${version}":
+ ensure => present,
+ require => Package["libapache2-mod-php${version}"],
+ }
+ }
+
+ file { [ "${folder}", "${folder}/cli", "${folder}/apache2", "${folder}/cli/conf.d", "${folder}/apache2/conf.d" ]:
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => '0755',
+ require => Package['php'],
+ }
+}
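Review bot: `if $hardened == true` compares against the Boolean, so a value arriving as the string 'true' (from Hiera or an ENC, for example) skips `php::series8::hardened` without any error, and the hardening fails open. Declaring the parameter with a type, `Boolean $hardened = true,`, turns that into a compile failure; the file already uses iteration lambdas (`.each |$item|`), so typed parameters should be available. `$manage_mod_php` has the mirror problem: it defaults to `false` but is tested with `== '8'`, so a short comment on the accepted values would help. Separately, the `case $::lsbdistcodename` has no `default`, so on an unlisted release no repository class is included and the failure only appears later, presumably through the `File['/etc/apt/sources.list.d/php.list']` requirement in packages.pp.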
diff --git a/manifests/series8/defaults.pp b/manifests/series8/defaults.pp
new file mode 100644
index 0000000..2f3958c
--- /dev/null
+++ b/manifests/series8/defaults.pp
@@ -0,0 +1,7 @@
+class php::series8::defaults {
+ php::config {
+ 'error_reporting_8' : param => 'error_reporting', series => '8', value => 'E_ALL & ~E_NOTICE & ~E_STRICT';
+ 'post_max_size_8' : param => 'post_max_size', series => '8', value => '100M';
+ 'upload_max_filesize_8' : param => 'upload_max_filesize', series => '8', value => '100M';
+ }
+}
diff --git a/manifests/series8/hardened.pp b/manifests/series8/hardened.pp
new file mode 100644
index 0000000..74b81f8
--- /dev/null
+++ b/manifests/series8/hardened.pp
@@ -0,0 +1,19 @@
+class php::series8::hardened {
+ $fpm = $::php::fpm
+ $disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, show_source, dl, symlink, system_exec'
+ #$disable_functions = 'pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,phpinfo, system, exec, shell_exec, passthru, proc_get_status, proc_open, popen, proc_close, proc_nice, proc_terminate, pcntl_exec, proc_open, curl_init, parse_ini_file, show_source, dl, symlink, syslog, mail, system_exec'
+
+ if $fpm == 'present' {
+ php::config {
+ 'allow_url_fopen_8_fpm' : param => 'allow_url_fopen', series => '8', sapi => 'fpm', value => 'Off';
+ 'allow_url_include_8_fpm' : param => 'allow_url_include', series => '8', sapi => 'fpm', value => 'Off';
+ 'disable_functions_8_fpm' : param => 'disable_functions', series => '8', sapi => 'fpm', value => $disable_functions;
+ }
+ }
+
+ php::config {
+ 'allow_url_fopen_8' : param => 'allow_url_fopen', series => '8', value => 'Off';
+ 'allow_url_include_8' : param => 'allow_url_include', series => '8', value => 'Off';
+ 'disable_functions_8' : param => 'disable_functions', series => '8', value => $disable_functions;
+ }
+}
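Review bot: The active `$disable_functions` string ends with `system_exec`, which as far as I know is not a PHP function, and names `pcntl_exec` and `proc_open` twice; PHP ignores unknown and repeated entries, so nothing breaks, but it suggests the list was carried over rather than checked against PHP 8. The commented-out variant beneath it differs only in `curl_init`, `parse_ini_file`, `syslog` and `mail`, and nothing records why these four stay enabled; a line such as `# curl_init, parse_ini_file, syslog, mail left enabled: <reason>` in place of the dead assignment would. Holding the names in an array and passing `join($names, ',')` would make later diffs of this list readable. Note that `php::config` defaults to `sapi => 'apache2'`, so the CLI gets none of these settings; if that is intended it deserves a comment too.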
diff --git a/manifests/series8/packages.pp b/manifests/series8/packages.pp
new file mode 100644
index 0000000..e3356e9
--- /dev/null
+++ b/manifests/series8/packages.pp
@@ -0,0 +1,24 @@
+class php::series8::packages inherits php::packages {
+ $version = $::php::params::version8
+
+ package { [ "php${version}-common", "php${version}-mysql", "php${version}-cli", "php${version}-curl", "php${version}-gmp", "php${version}-xml", "php${version}-mbstring", "libapache2-mod-php${version}" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Optional packages
+ package { [ "php${version}-gd" ]:
+ ensure => installed,
+ require => File['/etc/apt/sources.list.d/php.list'],
+ }
+
+ # Default alternative
+ if $::php::default_cli == '8' {
+ file { "/etc/alternatives/php":
+ ensure => "/usr/bin/php${version}",
+ owner => root,
+ group => root,
+ require => Package["php${version}-cli"],
+ }
+ }
+}
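Review bot: Writing `/etc/alternatives/php` as a plain symlink leaves the alternatives database untouched, so `update-alternatives` still records its own choice and, if the group is in automatic mode, a later package install can re-point the link until the next Puppet run. Only `php` is switched; related groups such as `phar` or `phpize`, if installed, would keep pointing at another series. Setting the alternative through the tool keeps both in step; the sketch below replaces the `file` resource inside the `if $::php::default_cli == '8'` block.

```puppet
  if $::php::default_cli == '8' {
    # Let update-alternatives own the link so its recorded state matches.
    exec { "update-alternatives --set php /usr/bin/php${version}":
      path     => ['/usr/sbin', '/usr/bin', '/sbin', '/bin'],
      provider => shell,
      unless   => "update-alternatives --query php | grep -qx 'Value: /usr/bin/php${version}'",
      require  => Package["php${version}-cli"],
    }
  }
```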