Working with .phar files
It is possible to pack an entire PHP web application up in one single file and run it without unpacking it. This files usually have a .phar extension, which is an acronym for PHp ARchive, loosely based on jar (Java ARchive).
With PHP 5.3.0, the Phar extension is an official part of PHP. Shipping your applications as Phar thus is safe since 5.2 has reached its EOL already.
Pros and Cons
Distributing a application as Phar is not all sunshine, some things need to be considered:
- The full application - preferably with all dependencies - is contained in one file
- No unpacking needed. You drop it into your web server's document directory and it runs
- Upgrades are easy, at least for the casual user. Download the new version, use it.
- The application's code cannot easily be changed by attackers.
- Since all depepdencies are included, setup is painless and you can run several versions in parallel.
- Incremental updates are not possible. You always have to download the full new version.
- Upgrading is a manual process unless automated otherwise. If the web app is distributed via a PEAR package, upgrading is much easier for admins.
- Looking inside the application and changing files to add own changes is hard.
- Access to the README file or upgrade instructions is hard opposed to "normally" distributed PHP applications where you see the README and open it in an editor.
- Most web servers do not recognize .phar files, thus initial administrative work is needed until the situation gets fixed.
For me, Phar archives are a nice way to try out new software with minimal setup issues.
Until the Linux distributions have strong Phar support, you should not rely on Phar exclusively to distribute your web application.
Tools to work with .phar files
While .phar files can be saved as .zip and .tar and you can open them with a normal compression utility, adding/extracting the meta data and index file stub is impossible without special tools.
PHP's source distribution ships with a phar executable that provides a comprehensive interface to Phar files:$ phar help-list add compress delete extract help help-list info list meta-del meta-get meta-set pack sign stub-get stub-set tree version
With its command line interface, you can create new Phar files, extract files from existing ones or repack, compress, sign and change their meta data and index stub.
Unfortunately, neither Debian nor Ubuntu ship that tool with their PHP packages.
building, signing and verifying Phar archives with OpenSSL public/private keys
Either clone the git repository or install it from it's PEAR channel:$ pear channel-discover pear.kotowicz.net $ pear install kotowicz/PharUtil-beta
Phing, my favorite build tool, is able to create Phar archives natively:
I'm using it to generate the SemanticScuttle Phar release file on deployment automatically.
Things to consider
Truncated by Planet PHP, read more at the original (another 2863 bytes)