Install SUHOSIN on virtualmin server?

4 posts / 0 new
Last post
#1 Sun, 11/25/2012 - 10:47
netizen

Install SUHOSIN on virtualmin server?

Hi all,

I want to install SUHOSIN on my Virtualmin environment however I can't find a straightforward method of doing it, without breaking things!

I tried to install it via CentALT repo (http://centos.alt.ru/repository/centos/readme.txt) but I think that it will break the virtualmin server (a production server). The yum log was the following:

=====================================================
[root@server yum.repos.d]# yum install php-suhosin
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.mirror.connexeon.net
* centosplus: centos.mirror.connexeon.net
* extras: centos.mirror.connexeon.net
* updates: centos.mirror.connexeon.net
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php-suhosin.i686 2:0.9.33-2.el6 will be installed
--> Processing Dependency: php(zend-abi) = 20090626-x86-32 for package: 2:php-suhosin-0.9.33-2.el6.i686
--> Running transaction check
---> Package php-common.i686 0:5.3.3-14.el6_3 will be updated
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-pdo-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-cli-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-xmlrpc-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-imap-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-mbstring-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-pgsql-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-odbc-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-mysql-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-xml-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-gd-5.3.3-14.el6_3.i686
--> Processing Dependency: php-common = 5.3.3-14.el6_3 for package: php-snmp-5.3.3-14.el6_3.i686
---> Package php-common.i686 0:5.3.18-1.el6 will be an update
--> Running transaction check
---> Package php.i686 0:5.3.3-14.el6_3 will be updated
---> Package php.i686 0:5.3.18-1.el6 will be an update
---> Package php-cli.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-cli.i686 0:5.3.18-1.el6 will be an update
---> Package php-gd.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-gd.i686 0:5.3.18-1.el6 will be an update
--> Processing Dependency: libt1.so.5 for package: php-gd-5.3.18-1.el6.i686
---> Package php-imap.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-imap.i686 0:5.3.18-1.el6 will be an update
---> Package php-mbstring.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-mbstring.i686 0:5.3.18-1.el6 will be an update
---> Package php-mysql.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-mysql.i686 0:5.3.18-1.el6 will be an update
--> Processing Dependency: libmysqlclient.so.18(libmysqlclient_16) for package: php-mysql-5.3.18-1.el6.i686
--> Processing Dependency: libmysqlclient.so.18(libmysqlclient_18) for package: php-mysql-5.3.18-1.el6.i686
--> Processing Dependency: libmysqlclient.so.18 for package: php-mysql-5.3.18-1.el6.i686
---> Package php-odbc.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-odbc.i686 0:5.3.18-1.el6 will be an update
---> Package php-pdo.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-pdo.i686 0:5.3.18-1.el6 will be an update
---> Package php-pgsql.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-pgsql.i686 0:5.3.18-1.el6 will be an update
---> Package php-snmp.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-snmp.i686 0:5.3.18-1.el6 will be an update
---> Package php-xml.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-xml.i686 0:5.3.18-1.el6 will be an update
---> Package php-xmlrpc.i686 0:5.3.3-14.el6_3 will be updated
---> Package php-xmlrpc.i686 0:5.3.18-1.el6 will be an update
--> Running transaction check
---> Package mysql-libs.i686 0:5.1.66-1.el6_3 will be updated
--> Processing Dependency: libmysqlclient.so.16 for package: perl-DBD-MySQL-4.013-3.el6.i686
--> Processing Dependency: libmysqlclient.so.16 for package: mysql-devel-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient.so.16 for package: 2:postfix-2.6.6-2.2.el6_1.i686
--> Processing Dependency: libmysqlclient.so.16 for package: mysql-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient.so.16 for package: mysql-server-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16) for package: perl-DBD-MySQL-4.013-3.el6.i686
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16) for package: 2:postfix-2.6.6-2.2.el6_1.i686
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16) for package: mysql-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient.so.16(libmysqlclient_16) for package: mysql-server-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient_r.so.16 for package: mysql-devel-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient_r.so.16 for package: mysql-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient_r.so.16 for package: mysql-server-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16) for package: mysql-5.1.66-1.el6_3.i686
--> Processing Dependency: libmysqlclient_r.so.16(libmysqlclient_16) for package: mysql-server-5.1.66-1.el6_3.i686
--> Processing Dependency: mysql-libs = 5.1.66-1.el6_3 for package: mysql-5.1.66-1.el6_3.i686
---> Package mysql-libs.i686 0:5.5.28-1.el6 will be an update
---> Package t1lib.i686 0:5.1.2-6.el6_2.1 will be installed
--> Running transaction check
---> Package mysql.i686 0:5.1.66-1.el6_3 will be updated
---> Package mysql.i686 0:5.5.28-1.el6 will be an update
---> Package mysql-devel.i686 0:5.1.66-1.el6_3 will be updated
---> Package mysql-devel.i686 0:5.5.28-1.el6 will be an update
---> Package mysql-server.i686 0:5.1.66-1.el6_3 will be updated
---> Package mysql-server.i686 0:5.5.28-1.el6 will be an update
--> Processing Dependency: libaio.so.1(LIBAIO_0.4) for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libaio.so.1 for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libprotobuf-lite.so.6 for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libevent-1.4.so.2 for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libJudy.so.1 for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libaio.so.1(LIBAIO_0.1) for package: mysql-server-5.5.28-1.el6.i686
---> Package perl-DBD-MySQL.i686 0:4.013-3.el6 will be updated
---> Package perl-DBD-MySQL.i686 0:4.020-1.el6 will be an update
---> Package postfix.i686 2:2.6.6-2.2.el6_1 will be updated
---> Package postfix.i686 2:2.9.4-1.el6 will be an update
--> Running transaction check
---> Package libaio.i686 0:0.3.107-10.el6 will be installed
---> Package libevent.i686 0:1.4.13-4.el6 will be installed
---> Package mysql-server.i686 0:5.5.28-1.el6 will be an update
--> Processing Dependency: libprotobuf-lite.so.6 for package: mysql-server-5.5.28-1.el6.i686
--> Processing Dependency: libJudy.so.1 for package: mysql-server-5.5.28-1.el6.i686
--> Finished Dependency Resolution
Error: Package: mysql-server-5.5.28-1.el6.i686 (CentALT)
           Requires: libprotobuf-lite.so.6
Error: Package: mysql-server-5.5.28-1.el6.i686 (CentALT)
           Requires: libJudy.so.1

You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
=====================================================

I did not proceed as I don't what will happen to virtualmin. Any suggestions?

I am running Centos 6, i386 with the latest virtualmin and the default repos.

Your advise is very welcome!

Sun, 11/25/2012 - 17:57
andreychek

Howdy,

Yeah, those are some pretty big changes that it's proposing, I don't think I'd be comfortable doing that on a server I was managing.

Installing a single package from a third party repo is one thing (and something to be cautious about), but the large number of dependencies it's trying to install is definitely something I would suggest against.

-Eric

Mon, 11/26/2012 - 05:21
netizen

I totally agree. The question remains however, how do we install SUHOSIN without breaking the rest of the system?

Anyone?

Mon, 11/26/2012 - 08:31
andreychek

Howdy,

Hmm, that's a fine question!

I'll offer that Ubuntu and Debian include Suhosin built into PHP by default... but that's not really helpful to getting you up and running on CentOS :-)

So how would you get it working on CentOS?

Well, the first key is that you'd probably want a version of the module compiled to use the PHP version within your existing distro, rather than their own custom PHP version.

The EPEL repo is good about that sort of thing... you may want to take a peek at this php-suhosin version here:

http://pkgs.org/centos-6-rhel-6/epel-i386/php-suhosin-0.9.29-2.el6.i686....

If you download that .rpm, and then run "rpm -ivh" on it as root, it should (in theory) install cleanly onto your system.

Let us know if that does the trick for you!

-Eric

Topic locked