koto / phar-util Goto Github PK

Hi,

First thanks for the great tool!
Wow!

I'm defiantly going to use it.

I was wonder if you also have an idea or other solution how to encrypt the PHAR file so it could not be read as php code. So even I extract the PHAR file, I will have nothing.

I know about Zend Guard and ionCube that can encrypt your code, but I'm not sure if they support PHAR, in such a way that files inside the PHAR can be encrypted.

My goal is to distributed my php code, which should run on remote clients and make it secure as possible. The solution you develop here is super coool and save me almost 90% of the work, but I'm still missing the option to decode/decrypt the source files.

I have check ionCube and they seems to support PHAR, so I might be able to do so.
but I also going to check bcompiler.

Was wondering if u have any idea how to create a "LOCKED" or phar archive.

Thanks
Sassy

http://github.com/koto/phar-util/blob/master/phar-build.php#L193

Is it possible to have an exit call placed here that will allow another script (such as a bash script) to determine if the build failed? It would be extremely useful for automated build scripts.

When trying to add the PEAR channel from pear.kotowicz.net, the domain doesn't exist anymore.

In here why don't we just verify the public key before trying to use it?

        // When public key is invalid, openssl throws a
        // 'supplied key param cannot be coerced into a public key' warning
        // and phar ignores sig verification.
        // We need to protect from that by catching the warning

I think openssl_pkey_get_public($certificate) would do the job. So this is an input validation task, which should be in the setter and not in the processing code as some kind of workaround...

Btw why don't you send an issue about this feature. Maybe phar maintainers add it to the next release. (it is weird to talk about libs which haven't have maintenance for such a long time)

Several test cases fail with errors:

phpunit RemotePharVerifierTest.php
PHPUnit 3.7.13 by Sebastian Bergmann.

...EE.......................EEEEE

Time: 0 seconds, Memory: 6.00Mb

There were 7 errors:

1. PharUtil_RemotePharVerifierTest::testVerifyDoesntCopyToVerifiedDir
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/tmp/..): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:27

2. PharUtil_RemotePharVerifierTest::testVerifyCorrectlyVerifies with data set #0 ('wrongsig.phar')
   RuntimeException: unlink(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/tmp): No such file or directory

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:249
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:17

3. PharUtil_RemotePharVerifierTest::testMovingToVerifiedDirectory
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/verified/.): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:27

4. PharUtil_RemotePharVerifierTest::testInvalidFileWontReachVerifiedDirectory
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/verified/.): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:27

5. PharUtil_RemotePharVerifierTest::testRenamingAFileStillMaintainsValidation
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/tmp/..): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:17

6. PharUtil_RemotePharVerifierTest::testIncludingVerifiedFile
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/verified/.): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:27

7. PharUtil_RemotePharVerifierTest::testVerifyingUsuallyKeepsFilenames
   RuntimeException: rmdir(/usr/share/php/tests/PharUtil/test/PharUtil/tmp/verified/.): Directory not empty

/usr/share/php/PharUtil/RemotePharVerifier.php:182
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:247
/usr/share/php/tests/PharUtil/test/PharUtil/RemotePharVerifierTest.php:27

FAILURES!
Tests: 33, Assertions: 62, Errors: 7.

https://github.com/damianb/phar-util/blob/master/PharUtil/RemotePharVerifier.php#L154

No $overwrite parameter is present, and no param docs are present for param $local_path.

RemotePharVerifier.php is missing a ) on line 2 in version 0.6.1.

https://github.com/koto/phar-util/blob/master/PharUtil/RemotePharVerifier.php#L2

Missing a closing parenthesis )

Thank you !

Upon executing phar-build:
obsidian@lithion-mint ~/code/crcverify $ phar-build --phar verifier.phar
PHP Fatal error: Call to undefined method SplFileInfo::isDot() in /usr/bin/phar-build on line 161
PHP Stack trace:
PHP 1. {main}() /usr/bin/phar-build:0
phar-build 0.5.3

Building Phar archive from ./src...
adding ./src/bootstrap.php
adding ./src/vendor
PHP Fatal error:  Call to undefined method SplFileInfo::isDot() in /usr/bin/phar-build on line 161
PHP Stack trace:
PHP   1. {main}() /usr/bin/phar-build:0

uname:
obsidian@lithion-mint ~/code/crcverify $ uname -a
Linux lithion-mint 2.6.32-21-generic #32-Ubuntu SMP Fri Apr 16 08:09:38 UTC 2010 x86_64 GNU/Linux

PHP info:
obsidian@lithion-mint ~/code/crcverify $ php -v
PHP 5.3.2-1ubuntu4.5 with Suhosin-Patch (cli) (built: Sep 17 2010 13:49:46)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with Xdebug v2.0.5, Copyright (c) 2002-2008, by Derick Rethans

If you need additional info, just ask.

Hi:
I came accross another issue using this tool in the same block of code:
// buildFromIterator unfortunately sucks and skips nested directories (?)
foreach ($iterator as $file) {
echo "adding " . $file . PHP_EOL;
if ($file->isFile()) {
$phar->addFile($file, str_replace($options['src'], '', $file));
}
if ($file->isDir() && !$iterator->isDot()) {
// this also doesn't work :(
$phar->addEmptyDir(str_replace($options['src'], '', $file));
}
}
}
the thing is that if you use this code against a dir structure like a/b/a/c.php then the str_replace will replace both "a" giving back something like /b//c.php and the build will fail...
so my propose about this is using the ltrim function that ensures the strip just from the beginning of the string,
also a suggest about this piece of code is that the check on the !$iterator->isDot() is made in the entire block of code so we don't get the adding a/b/c/. and a/b/c/.. and we avoid the entire process on that.
So the proposed piece of code:
foreach ($iterator as $file) {
if (!$iterator->isDot()){
echo "adding " . $file . PHP_EOL;
if ($file->isFile()) {
//$phar->addFile($file, str_replace($options['src'], '', $file));
$phar->addFile($file, ltrim($file,$options['src']));
}
if ($file->isDir() ) {
// this also doesn't work :(
// $phar->addEmptyDir(str_replace($options['src'], '', $file));
$phar->addEmptyDir(ltrim($file,$options['src']));
}
}
}

again thanks for this job, :D

Should look into stripping comments from files before they're stored in the phar. While I'm not sure how exactly this could be implemented, I do know that Silex, the Symfony2 microframework https://github.com/fabpot/Silex, does this itself.
If used, it should trim down the size of the phar file substantially if the files have a healthy amount of inline documentation; after all, those lines aren't needed since it's being packaged into a phar.

Anways, this seems to be implemented using a method defined in the Symfony kernel, looking at this function: https://github.com/fabpot/Silex/blob/master/src/Silex/Compiler.php#L70
Which, in turn, apparently uses a giant loop over token_get_all()
(documentation: http://us3.php.net/manual/en/function.token-get-all.php)

Consider this a feature request, I guess.

If I get the chance in a few weeks/months, I'll see if I can work out implementation myself but right now I'm pressed for time as I've got several papers to do for english, a speech to hammer out, and exams on the horizon.

Hi!

I have a great need to create self-executable Phars...

I need the ability to add the following to the very top of the generated phars:

#!/bin/env php
<?php

Can you please add this support via a command line argument to phar-util?

Thanks!

Hi,
I tried to create a phar archive without signing it (using -n or --ns option).

Building Phar archive from home...
PHP Warning:  file_get_contents(./cert/priv.pem): failed to open stream: No such file or directory in /usr/bin/phar-build on line 142
PHP Stack trace:
PHP   1. {main}() /usr/bin/phar-build:0
PHP   2. file_get_contents() /usr/bin/phar-build:142
Error: Could not load private key from './cert/priv.pem'!

Thanks for this great tools :)