Security Analysis: Is ppa:ondrej/php Repository Safe for Production Systems?


The ppa:ondrej/php repository is maintained by Ondřej Surý, a Debian developer and PHP package maintainer. This PPA provides:

  • Latest PHP versions not yet in official Ubuntu repositories
  • Multiple PHP versions side-by-side installations
  • Common extensions and dependencies

While the PPA is widely used, you should verify its components:

# List installed packages from the PPA
apt list --installed | grep ondrej

# Sample output:
# php8.1/now 8.1.2-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,local]
# php8.1-cli/now 8.1.2-1+ubuntu20.04.1+deb.sury.org+1 amd64 [installed,local]

The repository does include numerous dependencies because PHP has many optional extensions. Common packages you might see include:

  • libapache2-mod-php* - Apache integration
  • php*-* - Various extensions (curl, gd, mysql, etc.)
  • *-dev packages - Development headers

To safely use this PPA:

# 1. Verify package signatures
apt-key list | grep Ondřej

# 2. Pin specific versions if needed
echo "Package: php*
Pin: release o=LP-PPA-ondrej-php
Pin-Priority: 1001" | sudo tee /etc/apt/preferences.d/ondrej-php

For critical systems, consider:

  • Using Docker containers with specific PHP images
  • Setting up a private package mirror with only needed packages
  • Regularly auditing installed packages with:
    apt-get changelog php8.1 | head -n 20

If you need minimal installation:

# Install only specific PHP version and extensions
sudo apt install php8.1 php8.1-cli php8.1-common \
    php8.1-mysql php8.1-curl --no-install-recommends

The repository is generally safe when used properly, but always evaluate your specific security requirements.
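The two checks the answer above asks for (the signing key and the package origin) can be scripted so they give a yes/no result instead of output to eyeball. The script below is an added example, not code from the answer: check_fingerprint compares whatever 40-hex-digit fingerprint appears in key-listing text against the fingerprint quoted on this page, and installed_from_ppa confirms that the installed php8.1 version carries the PPA's "+deb.sury.org" suffix. Both functions take the text to inspect as an argument, so they run here on constructed samples (the policy output, the mirror URLs and the tampered key are made up for illustration) and on a live host on real apt-key list and apt-cache policy output.

```shell
#!/bin/sh
# Added example (not part of the answer above). Fingerprint and origin checks
# for the ondrej/php PPA, written against text passed in as an argument so
# they can be exercised offline on the constructed samples below.

# Fingerprint of the PPA signing key as quoted on this page, spaces removed.
EXPECTED_FPR='14AA40EC0831756756D7F66C4F4EA0AAE5267A6C'

# Constructed sample of `apt-key list` output (modelled on the format quoted
# in the answers, not captured from a real machine).
SAMPLE_KEY_LIST='pub   rsa4096 2015-09-16 [SC]
      14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
uid           [ unknown] Ondřej Surý <ondrej@debian.org>'

# Constructed sample of a key that is NOT the PPA key (obviously fake value).
SAMPLE_KEY_LIST_TAMPERED='pub   rsa4096 2020-01-01 [SC]
      DEAD BEEF DEAD BEEF DEAD  BEEF DEAD BEEF DEAD BEEF
uid           [ unknown] Someone Else <someone@example.invalid>'

# Constructed sample of `apt-cache policy php8.1` on a host using the PPA.
SAMPLE_POLICY_PPA='php8.1:
  Installed: 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
  Candidate: 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
  Version table:
 *** 8.1.2-1+ubuntu20.04.1+deb.sury.org+1 500
        500 http://ppa.launchpad.net/ondrej/php/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status'

# Constructed sample where php8.1 came from somewhere else entirely
# (hypothetical version string and mirror).
SAMPLE_POLICY_OTHER='php8.1:
  Installed: 8.1.2-1~example1
  Candidate: 8.1.2-1~example1
  Version table:
 *** 8.1.2-1~example1 500
        500 http://mirror.example.invalid/ubuntu focal/main amd64 Packages
        100 /var/lib/dpkg/status'

# Upper-case a fingerprint and drop its spacing so that the usual printed
# forms ("14AA 40EC ...", "14aa40ec...") compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F'
}

# Find the first 40-hex-digit fingerprint in key-listing text and report
# "match", "MISMATCH:<fingerprint found>" or "NOKEY". Exit status is 0 only
# on a match, so the function can sit directly in an if condition.
check_fingerprint() {
    found=$(printf '%s\n' "$1" | tr -d ' \t' | grep -a -o -E '[0-9A-Fa-f]{40}' | head -n 1)
    if [ -z "$found" ]; then
        echo "NOKEY"
        return 1
    fi
    found=$(normalize_fpr "$found")
    if [ "$found" = "$EXPECTED_FPR" ]; then
        echo "match"
        return 0
    fi
    echo "MISMATCH:$found"
    return 1
}

# Print the Installed: version from apt-cache policy output; exit status is 0
# only if that version carries the PPA's "+deb.sury.org" suffix.
installed_from_ppa() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^ *Installed: *//p' | head -n 1)
    echo "$ver"
    case "$ver" in
        *+deb.sury.org*) return 0 ;;
        *)               return 1 ;;
    esac
}

# Stand-alone run over the constructed samples. On a live host pass
# "$(apt-key list)" and "$(apt-cache policy php8.1)" instead.
for sample in "$SAMPLE_KEY_LIST" "$SAMPLE_KEY_LIST_TAMPERED"; do
    printf 'key check: %s\n' "$(check_fingerprint "$sample")"
done
for sample in "$SAMPLE_POLICY_PPA" "$SAMPLE_POLICY_OTHER"; do
    if installed_from_ppa "$sample" >/dev/null; then
        printf 'php8.1 installed from the PPA\n'
    else
        printf 'php8.1 NOT from the PPA\n'
    fi
done
```

A practical note on the pinning shown above: a Pin-Priority above 1000 tells apt to install the pinned version even when that is a downgrade, so once the PPA is pinned at 1001 these two checks are worth re-running after every upgrade to confirm the versions still come from the expected origin.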


The ppa:ondrej/php repository is maintained by Ondřej Surý, a Debian developer who provides up-to-date PHP packages for Ubuntu systems. This PPA is widely used in the PHP community because it offers:

  • Newer PHP versions than official Ubuntu repositories
  • Multiple PHP versions side-by-side
  • Extensions not available in standard repos

When you run apt-get upgrade after adding this PPA, you might see many additional packages being installed. Let's examine some common ones:

# Typical additional packages you might see:
libapache2-mod-php8.1
php8.1-cli
php8.1-common
php8.1-curl
php8.1-gd
php8.1-mysql
php8.1-opcache
php8.1-readline
php8.1-xml

Before trusting any third-party repository, consider these security aspects:

# Verify the package signatures (-B2 also prints the pub and fingerprint
# lines that precede the matching uid line)
apt-key list | grep -B2 "Ondřej Surý"

# Sample output should show:
# pub   rsa4096 2015-09-16 [SC]
#       14AA 40EC 0831 7567 56D7  F66C 4F4E A0AA E526 7A6C
# uid           [ unknown] Ondřej Surý <ondrej@debian.org>

For critical production systems, I recommend these precautions:

# 1. Pin specific PHP versions
sudo nano /etc/apt/preferences.d/php-pinning
# Add:
Package: php*
Pin: release o=LP-PPA-ondrej-php
Pin-Priority: 1001

# 2. Use Docker containers for isolation
docker run -it --rm ubuntu:20.04 bash -c \
"apt update && apt install -y software-properties-common && \
add-apt-repository ppa:ondrej/php -y && \
apt install -y php8.1"

To check what exactly changed in your system:

# List all PHP-related packages
dpkg -l | grep php | awk '{print $2}'

# Check modified configuration files (PHP configuration is the .ini files under /etc/php)
sudo find /etc/php -name "*.ini" -type f -exec ls -la {} \;

# Verify package sources
apt-cache policy php8.1

If you're uncomfortable with the PPA, consider:

  • Compiling PHP from source with only needed extensions
  • Using official Docker PHP images (php:8.1-apache)
  • Deploying via cloud provider's managed PHP services
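The "dpkg -l | grep php" listing in the answer above only finds packages with "php" in their name; it says nothing about any other package the PPA may have supplied. The script below is an added example, not code from the answer: it classifies installed packages by whether their version string carries the PPA's "+deb.sury.org+" suffix (the suffix visible in the sample output on this page) and then singles out the PPA packages whose names do not look PHP-related, which are exactly the ones a name-based grep misses. The dpkg-query sample is constructed; "libexample1" is a hypothetical placeholder package, and the curl/openssl version strings are illustrative only.

```shell
#!/bin/sh
# Added example (not from the answer above): inventory of PPA-supplied
# packages decided by version suffix rather than by package name.

# Constructed sample of `dpkg-query -W -f '${Package} ${Version}\n'` output.
# "libexample1" is a hypothetical non-php package carrying a PPA version;
# none of these lines were captured from a real machine.
SAMPLE_DPKG='libapache2-mod-php8.1 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
php8.1-cli 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
php8.1-common 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
php8.1-mysql 8.1.2-1+ubuntu20.04.1+deb.sury.org+1
libexample1 1.2.3-1+ubuntu20.04.1+deb.sury.org+1
curl 7.68.0-1ubuntu2
openssl 1.1.1f-1ubuntu2'

# Names of packages whose version carries the PPA suffix, one per line.
ppa_packages() {
    printf '%s\n' "$1" | awk '$2 ~ /\+deb\.sury\.org\+/ { print $1 }'
}

# PPA packages whose names are not PHP-related: the ones that a
# `dpkg -l | grep php` audit never shows. Empty output when there are none.
ppa_non_php_packages() {
    ppa_packages "$1" | grep -v -E '^(php|libapache2-mod-php)' || true
}

# Number of PPA-supplied packages, printed as a bare integer ("0" if none).
ppa_package_count() {
    ppa_packages "$1" | grep -c . || true
}

# Human-readable summary. On a live host:
#   ppa_report "$(dpkg-query -W -f '${Package} ${Version}\n')"
ppa_report() {
    printf '%s package(s) installed from the PPA\n' "$(ppa_package_count "$1")"
    extra=$(ppa_non_php_packages "$1")
    if [ -n "$extra" ]; then
        printf 'non-php packages from the PPA (review these):\n%s\n' "$extra"
    else
        printf 'no non-php packages from the PPA\n'
    fi
}

# Stand-alone run over the constructed sample.
ppa_report "$SAMPLE_DPKG"
```

Comparing this inventory with the package list you intended to install (the --no-install-recommends set from the first answer, for instance) is a quick way to spot what the PPA pulled in beyond PHP itself.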