@henderkes This resolve the `symlink` issue for the symlink deployment
strategy.
_alpine already have the force flag._
---------
Signed-off-by: Nordine <5256921+kitro@users.noreply.github.com>
closes https://github.com/php/frankenphp/pull/1753
closes https://github.com/php/frankenphp/issues/2156
As per discussion here
https://github.com/php/frankenphp/discussions/2060#discussioncomment-15299936
I went ahead with different repos for different php versions. Versioned
support with stuff like `apt install frankenphp8.5` or `apk add
frankenphp85` are technically also ready, but I'm not running any CI for
that yet. I don't think it's worth it at this point as it would double
the amount of runs.
The old debian repository with only 8.4 is deprecated but will receive
updates for a few more months.
Every update/installation will print this notice, though, which will
hopefully make everyone aware:
```console
# running update from 8.4.15...
Unpacking php-zts-cli (8.4.16-1) ...
Setting up php-zts-cli (8.4.16-1) ...
================================================================================
⚠️ DEPRECATION NOTICE
================================================================================
The single-version php-zts repository is deprecated and will no longer receive updates.
Please migrate to the new repository with different PHP versions available.
More information: https://pkgs.henderkes.com
================================================================================
```
Updated the installer to version 8.5.
The current configuration is not able to start FrankenPHP when mercure
and SELinux are used with a Caddyfile like this:
```Caddyfile
mercure {
transport bolt {
path mercure.db
}
}
```
closes https://github.com/php/frankenphp/issues/2035
Exact error:
```
SELinux is preventing /usr/bin/frankenphp from map access on the file /var/lib/frankenphp/mercure.db.
***** Plugin catchall_boolean (89.3 confidence) suggests ******************
If you want to allow domain to can mmap files
Then you must tell SELinux about this by enabling the 'domain_can_mmap_files' boolean.
Do
setsebool -P domain_can_mmap_files 1
***** Plugin catchall (11.6 confidence) suggests **************************
If you believe that frankenphp should be allowed map access on the mercure.db file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'frankenphp' --raw | audit2allow -M my-frankenphp
# semodule -X 300 -i my-frankenphp.pp
Additional Information:
Source Context system_u:system_r:httpd_t:s0
Target Context system_u:object_r:httpd_var_lib_t:s0
Target Objects /var/lib/frankenphp/mercure.db [ file ]
Source frankenphp
Source Path /usr/bin/frankenphp
Port <Unknown>
Host localhost
Source RPM Packages frankenphp-1.10.0_84-1.x86_64
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-3.14.3-139.el8_10.1.noarch
Local Policy RPM selinux-policy-targeted-3.14.3-139.el8_10.1.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost
Platform Linux localhost
4.18.0-553.81.1.el8_10.x86_64 #1 SMP Mon Oct 27
11:29:19 EDT 2025 x86_64 x86_64
Alert Count 12
First Seen 2025-10-29 17:25:26 CET
Last Seen 2025-11-25 17:18:19 CET
Local ID c4e79504-117e-4e9f-ad8c-f0bcc4856697
Raw Audit Messages
type=AVC msg=audit(1764087499.320:475517): avc: denied { map } for pid=322613 comm="frankenphp" path="/var/lib/frankenphp/mercure.db" dev="md3" ino=93716492 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1764087499.320:475517): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=8000 a2=1 a3=1 items=0 ppid=1 pid=322613 auid=4294967295 uid=991 gid=988 euid=991 suid=991 fsuid=991 egid=988 sgid=988 fsgid=988 tty=(none) ses=4294967295 comm=frankenphp exe=/usr/bin/frankenphp subj=system_u:system_r:httpd_t:s0 key=(null)
Hash: frankenphp,httpd_t,httpd_var_lib_t,file,map
```
* add ./create-rpm.sh file to build a "frankenphp" rpm package
* also build a deb package
* renamed to build-packages
* linter...
* add depends
* linter again?
* linter number 3
* linter number 4
* set default locations for ini file, conf files and extensions
* set unified path for modules that should be ok on all dists
* add default content into "package" folder
* make file executable
* worker is in public folder
* what on earth did I do x)
* use same FRANKENPHP_VERSION and make sure to let pr's run the rpm generation too (version 0.0.0) to see issues
* install ruby, fpm and rpm-build
* move to after changing base urls because it would fail with packages not found
* ruby 3 build needs gcc 10
* rpm-build is necessary too...
* and I forgot to link the package folder
* create directories if they don't exist
* copy out all frankenphp* files?
* lint fix
* only copy frankenphp-* files
* only copy frankenphp-* files
* the .deb file is name frankenphp_1.5.0... - create output folder instead and upload all things inside that
will simplify things when later adding xdebug.so and ffi.so
* update the last two steps to use the gh-output directory
* add post install script to set frankenphp able to bind to port 80 for non-root users
* dnf over yum, I think the yum alias was removed in RH 9.5
* newlines
* newlines
* add text what missing libcap means
* copy php.ini-production from php-src, linter, update ruby version
* move Caddyfile to /etc/frankenphp/Caddyfile
* linter
* fix a copy and paste error
* better describe fallback to 0.0.0
* linter
* copy installation scripts from official caddy packages, change user to frankenphp too
* bombombom
* make files executable
* tabs
* linter
* linter again
* use empty directory for three different destinations instead of keeping three empty local directories
* caddy says the file is incorrectly formatted without these spaces
* remove wildcard matcher from root directive
* Apply suggestions from code review
commit suggested changes to preinstall/postinstall scripts
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
* Update dev.Dockerfile
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
* remove misleading comment
* update documentation for paths
* update documentation for paths some more
* fix musl opcache-jit issue
* markdown linter
* the damn tab
* Apply suggestions from code review
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
* drop dev.Dockerfile php location from config.md
* add php config note to CONTRIBUTING.md
* dashes instead of asterisks in chinese docs
* fix package building
* create frankenphp user in case it doesn't exist for deb packages
* create users if they don't exist, delete them again if they didn't exist
* satisfy linter
* create the user with the same commands as the postinst/preinstall scripts
* Removes toolchain requirements.
* trigger
* Removes explicit calls to go get
* trigger
* setcap by default
* simplify example project
* bring page more in line with the caddy / apache / nginx default page
* update to html 5
* oopsies
* revert style to original
* remove https:// (caddy uses http:// on RHEL, :80 on Debian)
---------
Co-authored-by: Kévin Dunglas <kevin@dunglas.fr>
Co-authored-by: Alliballibaba <alliballibaba@gmail.com>
