phar-io / phive Goto Github PK
View Code? Open in Web Editor NEWThe Phar Installation and Verification Environment (PHIVE)
Home Page: https://phar.io
License: BSD 3-Clause "New" or "Revised" License
The Phar Installation and Verification Environment (PHIVE)
Home Page: https://phar.io
License: BSD 3-Clause "New" or "Revised" License
Install the PHIVE PHAR by providing a composer plugin that will trigger the installation
By running phive selfupdate
PHIVE should download the most recent version of the PHIVE PHAR from phar.io and replace the current active version with it.
Before downloading the PHAR, the SSL certificate of https://phar.io must be validated against the cainfo file from the currently active PHAR . Only it the certificate has been signed by the expected CA authority (and is generally valid), the update will start.
Currently phive will always install the latest known version of a PHAR.
It should be possible to install a specific version:
phive install [email protected]
It should also be possible to determine the latest applicable version for a given pattern:
phive install phpunit@~4.0
Patterns should work as they do in composer
[/tmp] ➔ php70 ~/Dropbox/bin/phive.phar version
Phive 0.1.0 - Copyright (C) 2015 by Arne Blankerts and Sebastian Heuer
[/tmp] ➔ php70 ~/Dropbox/bin/phive.phar update-repository-list
Downloading repository list from https://phar.io/data/repositories.xml
PHP Fatal error: Uncaught TypeError: Argument 1 passed to TheSeer\CLI\ExceptionHandler::handleException() must be an instance of Exception, instance of Error given in phar:///home/glen/Dropbox/bin/phive.phar/vendor/theseer/cli/src/ExceptionHandler.php:16
Stack trace:
#0 [internal function]: TheSeer\CLI\ExceptionHandler::handleException(Object(Error))
#1 {main}
thrown in phar:///home/glen/Dropbox/bin/phive.phar/vendor/theseer/cli/src/ExceptionHandler.php on line 16
If you run phive install
with the -save
option, an entry in phive.xml should be created for each PHAR that could be successfully installed.
Example:
phive install -save phpunit@^4.8
should create an entry similar to this:
<phar name="phpunit" version="^4.8"/>
(Similar to npm's --save flag)
Currently the default target directory is written to phive.xml as an absolute path. This should be a relative path instead to facilitate moving the project to another location.
Running phive status
should return global status information containing all known phars, the installed versions and their usages.
The command should also check if newer applicable versions of the known PHARs exist and mark updatable entries.
Utilize the available CURL options to harden SSL checks.
Like composer? It is unlikely that you can pin point a specific release with a signature? Will those ever be supported?
Currently the filename of the GPG signature file for a phar is composed by using the filename of the phar and adding .asc
. The phar.io repository URL allows providing a custom filename for the signature file and Phive should act accordingly.
The way I understand the phive install phpdox bin/phpdox
example on the phar.io website is that this syntax installs the tools identified by phpdox
to bin/phpdox
.
When I try to use phive to install phpunit
to /usr/local/bin/phpunit
then the phive binary gets corrupted:
$ wget https://phar.io/releases/phive.phar
$ mv phive.phar /usr/local/bin/phive
$ chmod +x /usr/local/bin/phive
$ ll ~/.phive
ls: cannot access /home/sb/.phive: No such file or directory
$ phive install phpunit /usr/local/bin/phpunit
Downloading repository list from https://phar.io/data/repositories.xml
Downloading https://phar.io/data/repositories.xml
Downloading https://phar.phpunit.de/phive.xml
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar.asc
Downloading key 4AA394086372C20A
Trying https://hkps.pool.sks-keyservers.net
[WARNING] Failed with status code 0:
[ERROR] PublicKey 4AA394086372C20A not found on key servers
[ERROR]
$ phive install phpunit /usr/local/bin/phpunit
Warning: require(phar://phive.phar//src/Factory.php): failed to open stream: phar error: internal corruption of phar "/usr/local/bin/phive" (actual filesize mismatch on file "src/Factory.php") in /usr/local/bin/phive on line 132
Call Stack:
0.0001 398104 1. {main}() /usr/local/bin/phive:0
0.0003 463504 2. spl_autoload_call() /usr/local/bin/phive:139
0.0003 463600 3. PharIo\Phive\{closure}() /usr/local/bin/phive:139
Fatal error: require(): Failed opening required 'phar://phive.phar//src/Factory.php' (include_path='.:/usr/share/pear:/usr/share/php') in /usr/local/bin/phive on line 132
Call Stack:
0.0001 398104 1. {main}() /usr/local/bin/phive:0
0.0003 463504 2. spl_autoload_call() /usr/local/bin/phive:139
0.0003 463600 3. PharIo\Phive\{closure}() /usr/local/bin/phive:139
Scan composer.json
and find tools that are listed in the phar.io repository list. Create an entry in phive.xml
for each of these tools accordingly.
Download failed (HTTP status code 0) SSL certificate problem: self signed certificate in certificate chain
")where.exe gpg
)ConsoleOutput
instead of ColoredConsoleOutput
When installing a new version of a PHAR, check if the GPG key used to sign it changed. If it did, display a warning to the user.
It should be possible to add a file called phive.xml
to any project and then run phive install
without any argument should install all tools specified in that file.
Example:
<phive xmlns="https://phar.io/phive">
<phar name="phpunit" version="~4.6" />
<phar url="https://some.tld/tool.phar" />
</phive>
please consider providing sha1 signed phar to avoid such errors:
[/tmp] ➔ phive.phar
PHP Fatal error: Uncaught exception 'PharException' with message 'phar "/home/glen/Dropbox/bin/phive.phar" has a unsupported signature' in /home/glen/Dropbox/bin/phive.phar:102
Stack trace:
#0 /home/glen/Dropbox/bin/phive.phar(102): Phar::mapPhar('phive.phar')
#1 {main}
thrown in /home/glen/Dropbox/bin/phive.phar on line 102
please see if you can also build more compatible phar file:
sebastianbergmann/phpunit#1948 (comment)
sebastianbergmann/phpunit#1948 (comment)
sebastianbergmann/phpunit@4ef58ab
Currently the path to the gpg binary is hardcoded to /usr/bin/gpg - this will not work for OSX. Pragmatic fix: add a list of possible paths and iterate over them until an existing file is found.
Installation of PHARs fails if the setting phar.readonly
is set to On
in php.ini
(which is the default) and PHIVE has been installed as a PHAR.
$ phive install phpunit [9:20:56]
Downloading https://phar.phpunit.de/phive.xml
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar.asc
[ERROR] Undefined offset: 2
[ERROR] An error occured while processing your request:
DOMDocument::save(phar:///usr/local/bin/phive/src/../phive.xml): failed to open stream: phar error: write operations disabled by the php.ini setting phar.readonly
#0 har:///usr/local/bin/phive/src/shared/repository/WritableXmlRepository.php(10)
#1 unknown file(0): PharIo\Phive\Cli\Runner->errorHandler()
#2 har:///usr/local/bin/phive/src/shared/repository/WritableXmlRepository.php(10): DOMDocument->save()
#3 har:///usr/local/bin/phive/src/shared/config/PhiveXmlConfig.php(19): PharIo\Phive\WritableXmlRepository->save()
#4 har:///usr/local/bin/phive/src/commands/install/InstallCommand.php(61): PharIo\Phive\PhiveXmlConfig->addPhar()
#5 har:///usr/local/bin/phive/src/shared/cli/Runner.php(51): PharIo\Phive\InstallCommand->execute()
#6 usr/local/bin/phive(141): PharIo\Phive\Cli\Runner->run()
#7 {main}
Environment: PHP 5.6.19
Phive Version: 0.2.0
This should not have happend and is most likely a bug.
Please report it at https://github.com/phar-io/phive/issues, make sure you include
the full output of this error message. Thank you!
When running on Windows, instead of creating a symlink to a downloaded PHAR, a .bat file should be created that executes the PHAR. That way we circumvent the shortcomings of managing symlinks and also can make sure the tools can be executed directly.
Currently phive writes the given version constraint (e.g. "^5.2.3") to phive.xml after successful installation. To be able to reinstall the exact same versions in another environment, we additionally need to write the exact version number of the installed phar to phive.xml as well.
That way phive install
can pick up the exact versions, while phive update
uses the version constraint to install the latest applicable versions.
The way I understand the phive install phpdox bin/phpdox
example on the phar.io website is that this syntax installs the tool identified by phpdox
to bin/phpdox
.
Per #43 (comment) this "example is wrong" and the functionality is not yet implemented.
This ticket is intended to track the missing feature.
The phive client should be able to fetch information on available releases directly from GtiHub. Example URL for the Releases API: https://api.github.com/repos/theseer/phpdox/releases
I just installed phive and ran it for the first time. It seems to work, but I'm getting a notice:
$ ./phive.phar
Phive 0.1.0 - Copyright (C) 2015 by Arne Blankerts and Sebastian Heuer
PHP Notice: Undefined index: _ in phar:///home/mattsches/bin/phive/phive.phar/src/shared/Environment.php on line 66
PHP Stack trace:
PHP 1. {main}() /home/mattsches/bin/phive/phive.phar:0
PHP 2. TheSeer\CLI\Runner->run() /home/mattsches/bin/phive/phive.phar:106
PHP 3. PharIo\Phive\HelpCommand->execute() phar:///home/mattsches/bin/phive/phive.phar/vendor/theseer/cli/src/Runner.php:18
PHP 4. PharIo\Phive\Environment->getBinaryName() phar:///home/mattsches/bin/phive/phive.phar/src/commands/help/HelpCommand.php:36
[...]
$ php -v
PHP 5.6.11-1ubuntu3.1 (cli)
No time to look into the code right now, sorry :(
It should be possible to add a custom repository list (e.g. ~/.phive/repositories.local.xml
) with user-defined aliases and their respective repository URLs.
The local repository list can NOT override entries from PHIVE's own repository list.
It should be possible to run phive install
with a variable number of phars, which then will be installed in order. Example:
phive install phpunit@~4.8 phpab https://example.com/foo.phar
$ phive install phpunit /tmp/phpunit
Phive 0.3.0 - Copyright (C) 2015-2016 by Arne Blankerts, Sebastian Heuer and Contributors
Downloading https://phar.phpunit.de/phive.xml [ 58.41 KB / 58.41 KB - 100% ]
phpunit is already installed, skipping.
[ERROR] Invalid argument supplied for foreach()
My problem is similar to #29 but additionally to adding aliases (or changing the single dashes to double dashes) it would be nice if bad arguments produce errors.
When using phive install --copy phpunit
it just symlinks, when instead it should tell me that there's no --copy
flag.
--target Set custom target directory for the PHAR
-copy Copy PHAR file instead of using symlink
-global Install PHAR globally (likely to require root privileges)
-temporary Do not add entries in phive.xml for installed PHARs
Another example using a non-existing flag which doesn't provide any error:
phive install --duck phpdox
Phive 0.3.0 - Copyright (C) 2015-2016 by Arne Blankerts, Sebastian Heuer and Contributors
currently it shows Import key 4AA394086372C20A? [Y|n]
before it imports a key, but it should show some more informations about the keys.
Or at least the gpg command to check the key myself. ( I expect most of the targeted users will not know yet how to check a gpg key)
Hi :) Why do you run Phive as a separate project from Composer? I think this functionality would be highly useful for any Composer user! Also, integrating it there would allow you to reuse a lot of existing infrastructure.
$ phive install --target /tmp phpunit
Phive 0.3.0 - Copyright (C) 2015-2016 by Arne Blankerts, Sebastian Heuer and Contributors
[ERROR] Setting mode for directory "/tmp" failed.
When installing a phar, an entry should be created in the project's phive.xml
. A flag (name tbd) can be provided to prevent that.
If PHIVE encounters any errors, a matching exit code should be returned.
Verify that the downloaded PHAR is properly signed.
If loaded from a repository with meta data support, verify the SH-* signature of the PHAR matches the expected signature found in the repository.
List of needed extensions could come out of composer.json or a manifest file included in the downloaded PHAR.
Check for PHAR files that are not used anymore (i.e. no references in the phar repository xml) and remove them.
It should be possible to rebuild a project's symlink to a phar defined in the local phive repository by running phive reset [pharname]
If [pharname
] is omitted, all known symlinks will be rebuild for the current project.
Feature idea as introduced by @sagikazarmark in #7
By running phive install [pharname] -global
a PHAR should be installed and made executable within the PHIVE home directory so it can be executed from any location.
To install phars from github's releases it should suffice to specify the github username and projectname to get to the correct release.
The documentation contains the following command:
$ gpg --verify https://phar.io/releases/phive.phar.asc phive.phar
This does not work for me:
gpg: can't open `https://phar.io/releases/phive.phar.asc'
gpg: verify signatures failed: file open error
Tried with both gpg (GnuPG) 1.4.20 and gpg (GnuPG) 2.1.9.
A PHAR should be updated to it's latest applicable version by running phive update [pharname]
If [pharname] is omitted, all PHARs in the current project will be updated.
The repositories.xml should only be downloaded from phar.io when an alias is installed that cannot be resolved using GitHub.
$ phive install phpunit
Phive 0.2.0-91-g4dd3159 - Copyright (C) 2015-2016 by Arne Blankerts, Sebastian Heuer and Contributors
Downloading repository list from https://phar.io/data/repositories.xml
Downloading https://phar.io/data/repositories.xml [ 873 B / 873 B - 100% ]
Downloading https://phar.phpunit.de/phive.xml [ 57.52 KB / 57.52 KB - 100% ]
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar [ 2.70 MB / 2.70 MB - 100% ]
Downloading https://phar.phpunit.de/phpunit-5.3.1.phar.asc [ 819 B / 819 B - 100% ]
Downloading key 4AA394086372C20A
Trying https://hkps.pool.sks-keyservers.net
[WARNING] Failed with status code 0: error setting certificate verify locations:
CAfile: phar:///vagrant/phive/build/phar/phive-0.2.0-91-g4dd3159.phar/src/../conf/ssl/ca_certs/sks-keyservers.netCA.pem
CApath: /etc/ssl/certs
[ERROR] PublicKey 4AA394086372C20A not found on key servers
As @theseer found out this is due to the fact that Curl is unable to access files that lie within a PHAR (https://bugs.php.net/bug.php?id=69035).
The suggested workaround is to copy the .pem file to a temporary location (outside of the phar) and let Curl use that file instead.
$ phive install phpunit
Downloading repository list from https://phar.io/data/repositories.xml
Downloading key 4AA394086372C20A
Trying https://hkps.pool.sks-keyservers.net
[WARNING] Failed with status code 0:
[WARNING] Installation from repository https://phar.phpunit.de/phive.xml failed: Key 4AA394086372C20A not found on key servers
Installation failed
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.