LinuxCommandLibrary

phive

Manage and verify Phar installation files

TLDR

Display a list of available aliased Phars

$ phive list
copy

Install a specified Phar to the local directory
$ phive install [alias|url]
copy

Install a specified Phar globally
$ phive install [alias|url] [[-g|--global]]
copy

Install a specified Phar to a target directory
$ phive install [alias|url] [[-t|--target]] [path/to/directory]
copy

Update all Phar files to the latest version
$ phive update
copy

Remove a specified Phar file
$ phive remove [alias|url]
copy

Remove unused Phar files
$ phive purge
copy

List all available commands
$ phive help
copy

SYNOPSIS

phive [options] command [arguments]

PARAMETERS

--home
    Specifies the phive home directory (default: ~/.phive)

--no-interaction
    Disables interactive prompts

--trust-gpg-keys
    Trusts the given GPG keys

--temporary-directory
    Sets the temporary directory (default: system's temporary directory)

--debug
    Enables debug output

--version
    Shows the version number and exit

help [command]
    Displays help for a specific command

list
    Lists all installed PHARs

install [...]
    Installs a PHAR. If no PHAR is specified, installs all PHARs defined in phive.xml

uninstall
    Uninstalls a PHAR

update [...]
    Updates a PHAR. If no PHAR is specified, updates all PHARs defined in phive.xml

exec [arguments...]
    Executes a phar

phar-url
    Resolves a PHAR alias to its URL

known-signatures
    Lists all known signatures

remove-key
    Removes a key from the trusted keys list

reset
    Resets phive configuration

skel
    Generates a phive.xml skeleton file

status
    Shows the status of phive

purge
    Purges the phive cache

add-key
    Adds a GPG key to the trusted keys list

import-key
    Imports a GPG key from a file

signatures
    Verifies signatures

verify []
    Verifies a phar

DESCRIPTION

Phive is a tool for managing PHP dependencies, specifically PHAR (PHP Archive) files. It allows you to install, update, and verify PHARs globally or on a per-project basis. Phive ensures the integrity of PHARs by verifying their SHA-256 checksums against a trusted repository. This helps prevent the use of compromised or malicious PHARs. Phive also handles resolving dependencies and downloading the correct versions of PHARs.

Unlike Composer, Phive is designed specifically for PHARs, making it ideal for managing command-line tools and other standalone PHP applications. It simplifies the process of making these tools available across your system or within specific projects. Phive uses a `phive.xml` or `phive.xml.dist` file to define project dependencies, similar to Composer's `composer.json` file.

PHAR INTEGRITY

Phive's primary strength lies in its ability to guarantee the integrity of PHAR files. It does this by downloading PHARs and verifying their SHA256 hashes against a list of trusted checksums. If a PHAR has been tampered with, or if the checksum does not match, Phive will refuse to install or execute the PHAR. This dramatically reduces the risk of using malicious code.

GLOBAL VS. PROJECT INSTALLATIONS

Phive can install PHARs both globally and on a per-project basis. Global installations make PHARs available system-wide. Project installations store PHARs within a specific project directory, ensuring that each project uses the correct versions of its dependencies and is not affected by changes to global installations. The installation location is determined by Phive's configuration and the command-line options used.

SEE ALSO

composer(1), gpg(1)

Copied to clipboard