LinuxCommandLibrary

phar

Package PHP applications into a single file

TLDR

Add one or more files or directories to a Phar file

$ phar add -f [path/to/phar_file] [path/to/file_or_directory1 path/to/file_or_directory2 ...]
copy

Display the contents of a Phar file
$ phar list -f [path/to/phar_file]
copy

Delete the specified file or directory from a Phar file
$ phar delete -f [path/to/phar_file] -e [file_or_directory]
copy

Compress or uncompress files and directories in a Phar file
$ phar compress -f [path/to/phar_file] -c [algorithm]
copy

Get information about a Phar file
$ phar info -f [path/to/phar_file]
copy

Sign a Phar file with a specific hash algorithm
$ phar sign -f [path/to/phar_file] -h [algorithm]
copy

Sign a Phar file with an OpenSSL private key
$ phar sign -f [path/to/phar_file] -h openssl -y [path/to/private_key]
copy

Display help and available hashing/compression algorithms
$ phar help
copy

SYNOPSIS

Since 'phar' is not a standalone Linux command, its usage revolves around the PHP interpreter:

php <phar_file> [arguments...]

To execute a PHAR archive. The `arguments` are passed to the script inside the PHAR.

php -d phar.readonly=0 -r 'new Phar("archive.phar");'

Example of programmatic interaction with a PHAR archive using PHP CLI's evaluation mode. Actual PHAR creation/manipulation is done via PHP scripts or frameworks, not a direct `phar` command line utility.

PARAMETERS

<phar_file>
    The path to the PHAR archive to be executed. This is the primary 'argument' to the php interpreter when running a PHAR.

[arguments...]
    Optional arguments passed directly to the PHP script encapsulated within the PHAR archive. These are parsed by the script's logic, not the php interpreter itself.

-d <name>[=<value>]
    (PHP CLI option) Sets a PHP INI entry (e.g., memory_limit) for the execution of the PHAR. This affects the PHP runtime environment.

-c <path>
    (PHP CLI option) Specifies an alternative php.ini file to be used instead of the default when executing the PHAR.

-n
    (PHP CLI option) Prevents any php.ini file from being loaded, ensuring a clean PHP runtime environment for the PHAR execution.

DESCRIPTION

The term "phar" refers to a PHP Archive, a file format introduced in PHP 5.3 that packages an entire PHP application into a single file. Unlike standard Linux commands like `tar` or `zip`, `phar` is not a standalone system utility. Instead, it's a specialized archive format primarily executed and managed by the PHP interpreter.

A PHAR file can contain source code, images, and other assets, making deployment and distribution of PHP applications easier. It behaves much like a `.jar` file for Java or an `.exe` file for Windows, allowing an application to run by simply invoking the PHAR file with the PHP CLI (e.g., php myapp.phar).

The PHAR extension within PHP provides functionalities to create, modify, and extract these archives programmatically. From a command-line perspective on Linux, interacting with a PHAR typically involves using the `php` executable to run the archived script or to manage the archive itself.

CAVEATS

The `phar` format is specific to PHP and requires a PHP interpreter to be installed and accessible on the system. It is not a general-purpose archiving tool like `tar` or `zip`. Security is a significant concern: executing untrusted PHAR files can lead to severe vulnerabilities, as they are essentially executable PHP scripts. The phar.readonly PHP INI setting (defaulting to '1') prevents modification of PHAR archives, requiring it to be explicitly set to '0' for creation or modification operations, typically for security reasons.

CREATING AND MODIFYING PHARS

PHAR archives are typically created and modified programmatically using PHP's built-in Phar class. Developers write PHP scripts that leverage this class to add files, set a bootstrap script, sign the archive, and compress its contents. There isn't a standalone `phar` command-line utility for this purpose; it's all handled within PHP scripts or tools built on top of the Phar class (e.g., Composer's `phar-util`).

SECURITY CONSIDERATIONS

PHAR files are executables. Just like any other executable, they can contain malicious code. PHP includes features like PHAR signing (SHA1, SHA256, MD5) to verify the integrity and origin of an archive. Users should only execute PHAR files from trusted sources. The phar.readonly INI setting is a crucial security measure, preventing accidental or malicious modification of existing PHARs on a server.

HISTORY

The PHAR (PHP Archive) format was introduced in PHP 5.3, released in June 2009. Its development aimed to address the need for a single-file distribution mechanism for PHP applications, similar to Java's JAR archives. Before PHAR, deploying PHP applications often involved distributing many individual files and managing dependencies. The PHAR extension provided a robust, built-in solution for packaging, signing, and executing PHP applications as self-contained units, significantly simplifying deployment and management tasks for developers.

SEE ALSO

php(1), tar(1), zip(1)

Copied to clipboard