Archive for May, 2010

Recompile PHP, IMAP-SSL, and Apache for MAMP 1.9

Finally figured out how to compile things on my Mac to support IMAP-SSL.  MAMP does not have this compiled in by default.  Since I want to do local development without having to upload to a Linux server to test every single time, getting MAMP to support IMAP-SSL was critical.
IMAP-SSL is used for things like Gmail access.

It was not easy to compile PHP5.3.2 on MAMP. First of all, you need to download httpd2.0.63 and PHP5.3.2. (I’m using MAMP 1.9 and Mac OSX 10.6.2)

STEP 1: Backup original MAMP

Back up your MAMP application first in case things go wrong.
It is in /Applications/MAMP

STEP 2: Download source files

Download software packages and save in a “source download” folder somewhere (I used ~/src/)

  • HTTPD-2.0.63
  • PHP-5.3.2  (http://php.net/downloads.php)

STEP 3: Build apache httpd

This step is needed to provide MAMP some build & include files from Apache httpd.
(http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/)

% tar jxvf httpd-2.0.63.tar.bz2
% cd httpd-2.0.63

After running configure, edit srclib/apr/include/apr.h and set “#define APR_HAS_SENDFILE 0”; otherwise you get an error.

./configure \
--prefix=/tmp/httpd-2.0.63 \
--with-php \
--with-mysql \
--enable-rewrite \
--enable-speling \
--enable-ssl \
--enable-deflate \
--enable-mods-shared=all \
--with-included-apr \
--enable-so \
--enable-proxy \
--enable-proxy_connect \
--enable-proxy_ftp \
--enable-echo \
--enable-file_cache \
--enable-mem_cache \
--enable-bucketeer \
--enable-cache \
--enable-case_filter \
--enable-case_filter_in \
--enable-cgid \
--enable-charset_lite \
--enable-disk_cache \
--enable-example

The configuration settings enable the default modules that MAMP builds into their application. This will let you use the MAMP interface to turn on/off the various modules as needed (because MAMP UI controls HTTPD.CONF file).

% make
% make install
% cd /tmp/httpd-2.0.63
% cp -r build /Applications/MAMP/Library/
% cp -r include /Applications/MAMP/Library/
% cp -r modules/mod_* /Applications/MAMP/Library/modules/

STEP 4: Build PHP-5.3.2

Step 4a

% tar jxvf php-5.3.2.tar.bz2
% cd php-5.3.2

The configure command below uses a combination of MAMP-specific folders (/Applications/MAMP/) and Apple-provided files (/usr/).
For those that decide to use DarwinPorts to get some components, these will be located in (/opt/local/).  This is a way to avoid having to go to different websites to download specific modules.

My previous MAMP version was 1.8.? and had a PHP configuration for T1LIB (--with-t1lib=/Applications/MAMP/Library).  I removed T1LIB b/c not installed on MACOSX.

./configure \
--prefix=/Applications/MAMP/bin/php5.3 \
--exec-prefix=/Applications/MAMP/bin/php5.3 \
--sysconfdir=/Applications/MAMP/conf/php5.3 \
--with-config-file-path=/Applications/MAMP/conf/php5.3 \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--with-apxs2=/Applications/MAMP/Library/bin/apxs \
--enable-cli \
--with-libxml-dir=/Applications/MAMP/Library \
--with-openssl=/usr \
--with-kerberos=/usr \
--with-zlib=/usr \
--enable-bcmath \
--with-bz2=/usr \
--enable-calendar \
--with-curl=/Applications/MAMP/Library \
--enable-exif \
--enable-ftp \
--with-gd \
--with-jpeg-dir=/usr/local/libjpeg \
--with-png-dir=/usr/local/libpng \
--enable-gd-native-ttf \
--with-ldap=/usr \
--with-ldap-sasl=/usr \
--enable-mbstring=all \
--enable-mbregex \
--with-mysql=mysqlnd \
--with-mysqli=mysqlnd \
--with-pdo-mysql=mysqlnd \
--with-mysql-sock=/tmp/mysql.sock \
--with-iodbc=/usr \
--enable-shmop \
--with-snmp=/usr \
--enable-soap \
--enable-sockets \
--enable-sysvmsg \
--enable-sysvsem \
--enable-sysvshm \
--with-xmlrpc \
--with-iconv-dir=/usr \
--with-xsl=/usr \
--with-pcre-regex \
--with-imap \
--with-imap-ssl \
--with-mcrypt \
--with-mhash \
--with-freetype-dir=/usr/X11 \
--enable-zend-multibyte \
--with-gettext \
--disable-debug

Step 4b

NOTE: You may need to install some packages before compiling PHP, for components that are not included.
You can use DarwinPorts, or download individually.

Manual method ==> http://www.teamonetickets.com/software/howto-setup-php-apache-mysql-dev-environment-on-snow-leopard.html
MacPorts method ==> http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/

Instructions for JPEG & PNG missing files (http://www.bill.eccles.net/bills_words/2010/01/building-a-mac-os-x-server-106.html)

libjpeg, libpng, libmcrypt, IMAP c-client, libintl, gettext, libxml

Step 4c

Now, we need to work around a bug with iconv linking. Luckily, Apple provides a patch. Either copy the text of that patch and save it as a file or download it here.

curl -O http://www.teamonetickets.com/software/iconv.patch
patch -p1 < iconv.patch

Step 4d

Now that iconv will link properly, continue with our make.

% make -j3
% make install

Step 4e

After you have finished making PHP, it should have copied libphp5.so to your “apache” location.
libphp5.so is located where you set --prefix for Apache.
It needs to be copied to /Applications/MAMP/Library/modules.

SIDE NOTE: May need to build IMAP-SSL individually.

I am not sure if this step was needed, but I also compiled a separate IMAP.SO module (which may already be built during the PHP build).
Compile IMAP first    (http://www.activecollab.com/forums/topic/5844/)

cd imap-2007e/
make osx EXTRACFLAGS="-arch i386 -arch x86_64 -g -Os -pipe -no-cpp-precomp"
sudo cp c-client/*.h /opt/local/include/
sudo cp c-client/*.c /opt/local/lib/
sudo cp c-client/c-client.a /opt/local/lib/libc-client.a

Reroute to MAMP directory

sudo cp c-client/*.h /opt/local/include/
sudo cp c-client/*.c /opt/local/lib/
sudo cp c-client/c-client.a /opt/local/lib/libc-client.a

An alternate method is to go into ext/imap/ in the PHP source tree and compile just that module.
Use the command below to configure a custom IMAP.SO build:

./configure --with-php-config=/Applications/MAMP/bin/php5.3/bin/php-config --with-imap=/usr/local --with-kerberos --with-imap-ssl=/usr

Reference Links

Original IMAP-SSL problem on MAMP
http://www.vargatron.com/2009/03/imap-ssl-with-mamp/

http://www.activecollab.com/forums/topic/5844/
http://www.teamonetickets.com/software/howto-setup-php-apache-mysql-dev-environment-on-snow-leopard.html
http://adylitica.com/2009/11/24/installing-amp-apache-mysql-php-on-mac-os-x-10-6-snow-leopard/
http://php5-imap.darwinports.com/
http://joshhuckabee.com/compiling-php5-imap-support-os-x-leopard
http://www.davidgolding.net/cakephp/upgrading-php-in-mamp.html
http://zuzara.com/blog/2010/04/08/compiling-php5-3-2-on-mamp/
http://diymacserver.com/installing-php/compiling-php-in-64-bits-mode-on-leopard/


Using IMAP with MAMP

Apparently MAMP is not compiled with IMAP SSL security support.  This can be quickly checked via PHPINFO().
The problem is you need to compile your own version of PHP to enable the support.

You can find more information here ==> http://www.vargatron.com/2009/03/imap-ssl-with-mamp/

So instead, I just went ahead and put the PHP files on my server to test IMAP functionality instead.
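
The phpinfo() check mentioned above (and worth repeating after the rebuild in Step 4e) can be scripted. This is an added example, not code from the original post: the function names are hypothetical, the sample inputs are constructed, and it relies on the imap extension printing an "SSL Support" row in its phpinfo section only when it was built with --with-imap-ssl. The syntax is kept compatible with PHP 5.3.

```php
<?php
// Added example; function names are hypothetical, not part of PHP or MAMP.

// Turn the phpinfo() rows of one extension into a name => value map.
// Under Apache the rows are HTML table cells, on the CLI "Name => value".
function parse_info_rows($raw)
{
    $text = str_replace('</td><td', '</td> => <td', $raw);
    $text = html_entity_decode(strip_tags($text));
    $rows = array();
    foreach (preg_split('/\R/', $text) as $line) {
        if (preg_match('/^\s*(.+?)\s*=>\s*(.*?)\s*$/', $line, $m)) {
            $rows[$m[1]] = $m[2];
        }
    }
    return $rows;
}

// With no argument, inspects the PHP build that is running this script.
// A missing "SSL Support" row means the extension was built without SSL.
function imap_build_report($raw = null)
{
    if ($raw === null) {
        if (!extension_loaded('imap')) {
            return array('imap' => false, 'ssl' => false, 'kerberos' => false);
        }
        ob_start();
        $ext = new ReflectionExtension('imap');
        $ext->info();                 // prints only the imap section
        $raw = ob_get_clean();
    }
    $rows = parse_info_rows($raw);
    $ssl  = isset($rows['SSL Support']) && $rows['SSL Support'] === 'enabled';
    $krb  = isset($rows['Kerberos Support']) && $rows['Kerberos Support'] === 'enabled';
    return array('imap' => true, 'ssl' => $ssl, 'kerberos' => $krb);
}

// Constructed samples: CLI-style output with SSL, HTML-style output without.
$withSsl = "imap\n\nIMAP c-Client Version => 2007e\nSSL Support => enabled\n";
$noSsl   = '<tr><td class="e">IMAP c-Client Version </td><td class="v">2007e </td></tr>';

$a = imap_build_report($withSsl);
$b = imap_build_report($noSsl);
var_dump($a['ssl'], $b['ssl']);
print_r(imap_build_report());         // the build running this script
```

Run it both from the command line and through Apache, since MAMP's CLI binary and libphp5.so can come from different builds.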


Password Security

Just read this article and it has good pointers for anyone putting passwords on their website.

http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

In summary, if we’re storing passwords, we’re probably storing those passwords incorrectly. If it isn’t obvious by now, cryptography is hard, and the odds of us getting it right on our own are basically nil. That’s why we should rely on existing frameworks, and the advice of experts like Thomas. What higher praise is there than that of praise from your sworn enemy?

Let’s recap:

  1. Do not invent your own “clever” password storage scheme. I know, you’re smart, and you grok this crypto stuff. But through this door lies madness– and abominations like LMHash that have ongoing, worldwide security ramifications we’re still dealing with today. Take advantage of whatever password storage tools your framework provides, as they’re likely to be a heck of a lot better tested and more battle-proven than any crazy scheme you and your team can come up with on your own. Security vulnerabilities, unlike functionality bugs in your application, run deep and silent. They can lay dormant for years.
  2. Never store passwords as plaintext. This feels like security 101 and is completely obvious in retrospect. But not everyone knows what you know — just ask Reddit. Store the hashes, never the actual passwords. Educate your fellow developers.
  3. Add a long, unique random salt to each password you store. The point of a salt (or nonce, if you prefer) is to make each password unique and long enough that brute force attacks are a waste of time. So, the user’s password, instead of being stored as the hash of “myspace1”, ends up being stored as the hash of 128 characters of random unicode string + “myspace1”. You’re now completely immune to rainbow table attack.
  4. Use a cryptographically secure hash. I think Thomas hates MD5 so very much it makes him seem a little crazier than he actually is. But he’s right. MD5 is vulnerable. Why pick anything remotely vulnerable, when you don’t have to? SHA-2 or Bcrypt would be a better choice.
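
The recap above, as an added PHP example that is not from the quoted article or from this blog: it uses PHP's built-in password_hash() and password_verify() with bcrypt, which generate and store a random salt per password. It goes one step beyond the list by replacing a legacy unsalted MD5 record with a bcrypt hash at the next successful login. The function names and the user table are hypothetical, and it needs PHP 7.1 or later, not the 5.3.2 build described earlier on this page.

```php
<?php
// Added example; function names and the user table are hypothetical.
const BCRYPT_OPTS = ['cost' => 12];

// Registration: password_hash() draws a random salt for every call and
// stores it, with the cost, inside the returned string.
function store_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS);
}

// Login: returns [ok, replacementHash|null]. A legacy unsalted MD5 hex
// digest is still accepted once, then replaced with a bcrypt hash.
function check_login(string $password, string $stored): array
{
    $legacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $legacy
        ? hash_equals($stored, md5($password))
        : password_verify($password, $stored);
    if (!$ok) {
        return [false, null];
    }
    $stale = $legacy
        || password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS);
    return [true, $stale ? store_password($password) : null];
}

// Constructed sample rows: one legacy MD5 record, one current record.
$users = [
    'alice' => md5('myspace1'),
    'bob'   => store_password('myspace1'),
];

foreach (array_keys($users) as $name) {
    [$ok, $newHash] = check_login('myspace1', $users[$name]);
    if ($ok && $newHash !== null) {
        $users[$name] = $newHash; // upgrade the stored value on login
    }
    printf("%-5s ok=%s prefix=%s\n", $name, var_export($ok, true), substr($users[$name], 0, 7));
}

// Same password for both users, yet the stored hashes differ (unique salts).
var_dump($users['alice'] !== $users['bob']);
[$ok] = check_login('wrong-guess', $users['alice']);
var_dump($ok);
```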

Copyright 2009-2010 ZeroInverse.com