News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

SitePoint PHP Blog:
Boxing up your Apps as Phars Quickly and Easily with Box
June 16, 2015 @ 08:44:27

The SitePoint PHP blog has a new tutorial posted showing you how to easily package up your application with Box to make phar files without the extra hassle of building them yourself.

In this tutorial, we'll use Box to package a PHP application into a Phar, in order to make it easily distributable and globally installable via Composer.

For his example he uses the PHP portion of the FolderBuilder project and makes a command-line executable that can return the information for a directory as JSON data. He starts by installing the "box" executable command on a local VM and defines the simple configuration file, a "box.json" with some basic settings. He then clones the FolderBuilder project, updates the configuration for the correct locations and files and executes the "build" command. The result is a phar file that contains the PHP script functionality. He also updates the configuration to make the result executable with a "chmod" setting, removing the need to call it with the PHP command line version. He ends the post showing how to test it out, taking the results and dropping them into FolderBuilder to make sure they're 100% correct.

0 comments voice your opinion now!
tutorial build phar archive easy box commandline tool

Link: http://www.sitepoint.com/boxing-apps-phars-quickly-easily-box/

Pádraic Brady:
Self-Updating PHARs Stable phar-updater packages now available
June 03, 2015 @ 08:28:12

Pádraic Brady has a new post to his site today talking about creating self-updating phars in PHP using his package created based on previous recommendations.

In all seriousness, phar-updater is my implementation of recommendations I made in a previous blog post around self-updating PHAR files. Those recommendations were, predictably for me, largely concerned with self-updating from a security perspective. Implementing it brought ease of use and flexible integration to the fore also. It can be surprising what a little extra work, testing and packaging can accomplish for reuse compared to throwing code into one file and calling it a day. It's been integrated into Humbug with nary an issue.

The package makes it simple to integrate the self-update functionality into your existing phar package deployment including updating running versions, enforcement of TLS connections and allows for configuration of updates based on version numbers. You can see his own example in his Humbug package's "SelfUpdate" class.

0 comments voice your opinion now!
phar selfupdate package pharupdater packagist composer

Link: http://blog.astrumfutura.com/2015/06/self-updating-phars-stable-phar-updater-packages-now-available/

Three Devs & A Maybe:
Episode 66 - Easy Like Sunday Morning
June 01, 2015 @ 08:36:01

The Three Devs & A Maybe podcast has posted their latest episode, #66 - Easy Like a Sunday Morning, with hosts Michael Budd, Fraser Hart, Lewis Cains and Edd Mann.

This week on a early Sunday morning recording, we start off podcast discussion with A/B testing and Google Analytics/Experiments. We then move on to touch upon distributing PHP console applications within PHAR's, application security and Google's recent IO conference. Following this we bring up a couple of small projects Edd is currently working on, relating to Morse Code and Colour detection algorithms. Finally, we wrap up the show by discussing the current Space Beer Cave competition that is still underway, and how one contestant is running away with the prize at this time.

Other topics mentioned include Box PHP, Ghostery and the missing mcrypt extension. You can listen to this latest episode either through the in-page audio player or by downloading the mp3. If you enjoy the show, be sure to subscribe to their feed or over in iTunes to get the latest shows as they're released.

0 comments voice your opinion now!
threedevsandamaybe podcast ep66 abtesting phar console googleio color

Link: http://threedevsandamaybe.com/easy-like-sunday-morning/

Pádraic Brady:
Securely Distributing PHARs Pitfalls and Solutions
March 04, 2015 @ 11:46:10

Pádraic Brady has a new article on his site talking about the secure distribution of phars (PHP archive files) including some of the common pitfalls and potential solutions.

The PHAR ecosystem has become a separate distribution mechanism for PHP code, distinct from what we usually consider PHP packages via PEAR and Composer. However, they still suffer from all of the same problems, namely the persisting whiff of security weaknesses in how their distribution is designed. [...] [Several security-related issues introduce an element of risk that the code you receive is not actually the code the author intended to distribute, i.e. it may decide to go do some crazy things that spell bad news when executed.

He shares some of the steps he's taken to secure his own phar for a CLI application with things like:

  • Distribute the PHAR over HTTPS
  • Enforce TLS verification
  • Sign your PHAR with a private key
  • Avoid PHAR Installer scripts
  • Manage Self-Updates securely

He finishes the post with one of the most important parts of the article - a reminder to do all of the things on the list above consistently.

This is not an outrageous outcome to introducing proper security on PHAR downloads. Go forth and do it for all PHARs. Help create an environment where distributing and installing code in secure ways is the normal expected thing to do.
0 comments voice your opinion now!
secure distribution phar solution tls https privatekey installer selfupdates

Link: http://blog.astrumfutura.com/2015/03/securely-distributing-phars-pitfalls-and-solutions/

ThePHP.cc:
PHPUnit Migration from PEAR to PHAR
January 14, 2015 @ 13:48:34

On The PHPcc's site today Sebastian Bergmann, the creator of the popular PHPUnit unit testing framework, shows you how to move to using the tool's phar file and away from the previously used PEAR install method.

In April 2014 I announced that I would shut down pear.phpunit.de on December 31, 2014. The motivation behind this move was to simplify the release process of PHPUnit by getting rid of an outdated distribution channel. I was afraid that I would leave users of my software behind by this move. [...] I am relieved that the shutdown of pear.phpunit.de went as smooth as it did. [...] In this article I show you how to make the transition from using PHPUnit from a PEAR package to using PHPUnit from a PHP Archive or using Composer as easy and convenient as possible.

There's three main steps to the migration from PEAR to the Composer-based phar installation:

  • Uninstalling PEAR Packages
  • Using PHPUnit from a PHP Archive (PHAR)
  • Installing PHPUnit with Composer

He includes the commands and configuration files/settings you'll need to make the transition happen. He also mentions that older versions are still available if there's a need but only on GitHub/Packagist as phar packages, not via PEAR.

0 comments voice your opinion now!
phpunit migration pear phar packagist composer tutorial

Link: http://thephp.cc/news/2015/01/phpunit-migration-from-pear-to-phar

Community News:
PHPUnit Announced End of Life on PEAR Installation Method
April 21, 2014 @ 10:29:53

There's a new addition to the GitHub wiki that's quite important for the PHPUnit users out there. Sebastian Bergmann has officially announced the end of life for the PEAR version of the installer for the popular PHPUnit tool.

Since PHPUnit 3.7, released in the fall of 2012, using the PEAR Installer was no longer the only installation method for PHPUnit. Today most users of PHPUnit prefer to use a PHP Archive (PHAR) of PHPUnit or Composer to download and install PHPUnit. Starting with PHPUnit 4.0 the PEAR package of PHPUnit was merely a distribution mechanism for the PHP Archive (PHAR) and many of PHPUnit's dependencies were no longer released as PEAR packages. Furthermore, the PEAR installation method has been removed from the documentation. We are taking the next step in retiring the PEAR installation method with today's release of PHPUnit 3.7.35 and PHPUnit 4.0.17.

Included in this end of life, they'll also be decommissioning pear.phpunit.de to happen no later than the end of 2014.

0 comments voice your opinion now!
pear phpunit install method composer phar download

Link: https://github.com/sebastianbergmann/phpunit/wiki/End-of-Life-for-PEAR-Installation-Method

Hasin Hayder:
Create personalized phar files in PHP
January 15, 2014 @ 09:32:42

Hasin Hayder has a quick post talking about the creation of personalized phar files (packaged up PHP applications) using the Box Project tool.

Created a screencast to show how you can create phar files, most importantly personalized phar files to store some information inside it and protect it using user's password. Those information is usable only when user providers a correct password. For packaging, I have used http://box-project.org which is an excellent phar packager. I've also used two functions from Josh Hartman's blog to encrypt and decrypt data using Rijndael algorithm.

You can watch the full screencast over on YouTube. It walks you through the entire process of creating a simple script, using the two functions (mc_encrypt and mc_decrypt) to handle the encryption and defining the Box configuration JSON to create the package.

0 comments voice your opinion now!
phar file tutorial screencast boxproject encryption password

Link: http://hasin.me/2014/01/14/create-personalized-phar-files-in-php

Sebastian Bergmann:
Using PHPUnit from a PHP Archive (PHAR)
October 08, 2012 @ 10:18:52

PHPUnit, the popular PHP unit testing tool, has undergone some changes in its methods of deployment. First it was integrated into the Composer/Packagist dependency management system and now it's been implemented as a phar archive. Sebastian Bergmann explains how to use it in his latest post.

Downloading a single file to use PHPUnit? Not an idea that is too phar out anymore! Starting with version 3.7.5, PHPUnit seems to finally work correctly when packaged as a PHP Archive (PHAR).

He includes a list of steps you can follow to pull down the latest code and use the phar branch that executes with the archive file instead of the local "phpunit" executable. Of course, you can still (as always) install PHPUnit via the PEAR process as well.

0 comments voice your opinion now!
phpunit phar archive tutorial checkout execute


Project:
Box - Making Creating PHARs Easier
August 24, 2012 @ 10:33:52

There's a new project on Github that wants to help making your phar archives for your PHP applications. The process is a little obtuse right now and Box wants to simplify it.

Box is a library and command line application for simplifying the PHAR creation process. [Features include] creating new PHARs with a simple configuration file, add and replace files in existing PHARs, extract existing PHARs, with option to cherry pick files and verify PHAR signatures.

The project is still relatively young but it looks like it's off to a good start. Phar files are a powerful tool to have in a PHP developer's arsenal but developing them can be a pain. Hopefully something like this can make life easier.

0 comments voice your opinion now!
project phar build manage creation github


PHPBuilder.com:
Two PHP 5 Security Flaws Found
July 04, 2012 @ 21:04:33

As reported in this new post on PHPBuilder.com, there are two new security issues that could allow an attacker to execute their own code (note: these are fixed by the latest releases, PHP 5.4.4 and PHP 5.3.14).

The flaws are related to each other, with the primary issue being an insecure implementation of the DES within the crypt() function. In his eSecurityPlanet article about recent PHP security updates, Sean Michael Kerner provides the details of these two security flaws.

The issue stems from a flaw in the DES implementation where certain keys are truncated before the DES digestion and a problem in the phar extension that could allow for arbitrary code execution. You can find more on these security issues here.

0 comments voice your opinion now!
security issue des phar extension upgrade



Community Events

Don't see your event here?
Let us know!


api introduction opinion interview community laravel example part2 framework php7 yii2 list podcast programming language composer series application symfony project

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework