Translation(s): none

PHP and Debian

note: this page is a work in progress.


From the package description:

  PHP is an HTML-embedded scripting language. Much of its syntax is borrowed
  from C, Java and Perl with a couple of unique PHP-specific features thrown
  in. The goal of the language is to allow web developers to write dynamically
  generated pages quickly.

This page contains information and links helpful for users and packagers of PHP software in Debian. It also contains any errata for the latest stable release of Debian. It is not meant to supercede documentation provided in the PHP packages, nor is it meant as a general reference for programming in PHP. For those see the Further Information section.

The first place you should go for information

/usr/share/doc/php*. Most notably, README.Debian and NEWS.Debian, just like any other package. Note that if you are visiting this page while following the directions in that file, abort now because you're in an infinite loop :)

How PHP is packaged in Debian

Available versions

Please check the Debian PTS for specific version information.


PHP version

squeeze 6


wheezy 7


Jessie 8


Stretch 9




PHP 4 was provided up to DebianEtch (php 4). It was removed and replaced by php5 in DebianLenny. PHP 7.0 was added in Stretch (php7.0).

Available packages

Up until Debian Jessie, for every N where N is a php major version, a metapackage phpN exists which will require at least one functioning php server engine installed (i.e. libapache2-mod-php5, php5-cgi, etc).

Since Debian 9 (Stretch), for every M.N where M is a php major version and N is a php minor version, a metapackage php exists which will require a default phpM.N package which will require at least one functioning PHP server engine (i.e. libapache2-mod-php7.0, php7.0-fpm or php7.0-cgi)

Beyond this, there's always:

apt-cache search php

...will give you a long list of php related packages. For more specifics on the package naming schemes, you should check the PHP draft policy in Further Information.

Developer access

See PHP/GitUsage.

Configuration layout

Debian Jessie and below

For each major release N of PHP (where N is 4 or 5), each of the 4 SAPI's (apache/apache2/cgi/cli) have a different central configuration file /etc/phpN/$SAPI/php.ini.

Additionally, each SAPI is configured with the compile-time option


Any file found in this directory ending in .ini will be treated as a configuration file by the PHP SAPI.

Debian Stretch and up

For each major.minor release M.N of PHP (where M is 7 and N is 0, 1, ...), each of the SAPI's (apache2/cgi/fpm/cli/phpdbg/...) have a different central configuration file /etc/php/M.N/$SAPI/php.ini

Additionally, each SAPI is configured with the compile-time option


Any file found in this directory ending in .ini will be treated as a configuration file by the PHP SAPI.

The environment variable PHP_INI_SCAN_DIR can be set to override the compile-time option.

For packagers of PHP applications/modules/libraries

You should consider taking a look at the PHP draft policy. There's also a mailing list for web applications packagers, . While the list is technically for webapp packaging-related issues, you should feel welcome to post purely PHP-packaging-related questions as well, as there is a significant overlap in the audience and you're more likely to get a response from here than from mailing the PHP packagers.

The extensions are expected to install their configuration to /etc/php/M.N/mods-available for each M.N tuple the extension has been compiled with and enable the extension as appropriate using /usr/lib/php/php-maintscript-helper.

The easiest way how to package PECL extension is to use dh-php package and helpers included within this package.

For those interested in helping with PHP in Debian

The first thing you should do is send an email to the Debian PHP maintainer's list, Help is often needed and always appreciated.

Notes on PHP and security

It's highly recommended that you read in /usr/share/doc/php*.

In short, security support for PHP places a high load on the package maintainers, because of the volume of security-related issues and the difficulty of working with the upstream authors in finding the fixes. As such, PHP security issues are typically triaged with different priorities based on the particulars of the issue.

The Debian PHP maintainers work fairly closely with the Debian security (esp. secure-testing) teams, as well as the Ubuntu PHP maintainers, so you can be generally assured that properly reported bugs tagged as security-relevant will be handled as promptly and transparently as possible.

Jessie 8 errata

Jessie 8 is now Stable. No errata has been logged here for it.

Wheezy 7 errata

Wheezy 7 is now ?OldStable. No errata has been logged here for it.

Notes on Floating Point Rounding

See PHP/Rounding for some discussion of why floating point rounding does not behave as expected.

Further Information