diff --git a/reference/phar/Phar/setSignatureAlgorithm.xml b/reference/phar/Phar/setSignatureAlgorithm.xml index 069f46f89d..833a687d9f 100644 --- a/reference/phar/Phar/setSignatureAlgorithm.xml +++ b/reference/phar/Phar/setSignatureAlgorithm.xml @@ -1,9 +1,9 @@ - + Phar::setSignatureAlgorithm - set the signature algorithm for a phar and apply it. The + set the signature algorithm for a phar and apply it. @@ -11,6 +11,7 @@ arrayPhar::setSignatureAlgorithm intsigtype + stringprivatekey &phar.write; @@ -18,8 +19,14 @@ set the signature algorithm for a phar and apply it. The signature algorithm must be one of Phar::MD5, Phar::SHA1, Phar::SHA256, - Phar::SHA512, or Phar::PGP - (pgp not yet supported and falls back to SHA-1). + Phar::SHA512, or Phar::OPENSSL. + + + Note that all phar-based and tar-based phar archives have a signature created + automatically, SHA1 by default. data tar-based archives + (archives created with the PharData class) must have + their signature created and set explicitly via + Phar::setSignatureAlgorithm. @@ -33,7 +40,26 @@ One of Phar::MD5, Phar::SHA1, Phar::SHA256, - Phar::SHA512, or Phar::PGP + Phar::SHA512, or Phar::OPENSSL + + + + + privatekey + + + The contents of an OpenSSL private key, as extracted from a certificate or + OpenSSL key file: + + setSignatureAlgorithm(Phar::OPENSSL, $pkey); + ]]> + + See phar introduction for instructions on + naming and placement of the public key file. @@ -51,8 +77,8 @@ &reftitle.errors; Throws UnexpectedValueException for many errors, - BadMethodCallException if called for a zip- or - a tar-based phar archive, and a PharException + BadMethodCallException if called for a zip-based phar + archive, and a PharException if any problems occur flushing changes to disk. diff --git a/reference/phar/constants.xml b/reference/phar/constants.xml index 931a48d749..0da496e236 100644 --- a/reference/phar/constants.xml +++ b/reference/phar/constants.xml @@ -1,5 +1,5 @@ - + &reftitle.constants; @@ -141,11 +141,12 @@ - Phar::PGP + Phar::OPENSSL (integer) 0x0010 - signature with PGP (unimplemented) + signature with OpenSSL public/private key pair. This is a true, + asymmetric key signature. @@ -181,30 +182,6 @@ of Phar::webPhar that the extension should be parsed as a PHP source file through highlight_file - - - Phar::SHA256 - (integer) - - 0x0003 - signature with sha256 hash algorithm (requires hash extension) - - - - Phar::SHA512 - (integer) - - 0x0004 - signature with sha512 hash algorithm (requires hash extension) - - - - Phar::PHP - (integer) - - 0x0010 - signature with PGP (unimplemented) - diff --git a/reference/phar/fileformat.xml b/reference/phar/fileformat.xml index d3b626c60c..c85c6b8acf 100644 --- a/reference/phar/fileformat.xml +++ b/reference/phar/fileformat.xml @@ -1,5 +1,5 @@ - + What makes a phar a phar and not a tar or a zip?
@@ -113,7 +113,7 @@ __HALT_COMPILER(); Whole-archive signature validation Yes - No + Yes No diff --git a/reference/phar/ini.xml b/reference/phar/ini.xml index e519ba18bd..7060674720 100644 --- a/reference/phar/ini.xml +++ b/reference/phar/ini.xml @@ -1,5 +1,5 @@ - +
&reftitle.runtime; &extension.runtime; @@ -34,6 +34,12 @@ PHP_INI_ALL Available from phar 1.1.0 to 1.2.3, removed in 2.0.0. + + phar.cache_list + "" + PHP_INI_SYSTEM + Available from phar 2.0.0. + @@ -120,6 +126,35 @@ phar.extract_list = archive=/full/path/to/archive/,arch2=/full/path/to/arch2 include "phar://archive/content.php"; include "phar://arch2/foo.php"; ?> +]]> + + + + + + + + + phar.cache_list + string + + + + This INI setting was added in phar 2.0.0 + + + Allows mapping phar archives to be pre-parsed at web server startup, + providing a performance improvement that brings running files out of a + phar archive very close to the speed of running those files from a + traditional disk-based installation. + + phar.cache_list usage example + + diff --git a/reference/phar/setup.xml b/reference/phar/setup.xml index 3d9b745057..00e745aa7a 100644 --- a/reference/phar/setup.xml +++ b/reference/phar/setup.xml @@ -1,5 +1,5 @@ - + &reftitle.setup; @@ -16,7 +16,9 @@ You may optionally wish to enable the zlib and bzip2 extensions to take - advantage of compressed phar support. + advantage of compressed phar support. In addition, to take advantage of + OpenSSL signing, the OpenSSL extension must be + enabled. Note that a bug in the zlib.deflate stream filter diff --git a/reference/phar/using.xml b/reference/phar/using.xml index c64ae66428..0a70f9e4cb 100644 --- a/reference/phar/using.xml +++ b/reference/phar/using.xml @@ -1,5 +1,5 @@ - + Using Phar Archives @@ -119,6 +119,26 @@ try { + + In addition, verification of phar file contents can be done using any of the + supported symmetric hash algorithms (MD5, SHA1, SHA256 and SHA512 if ext/hash is enabled) + and using asymmetric public/private key signing using OpenSSL (new in Phar 2.0.0). To + take advantage of OpenSSL signing, you need to generate a public/private key pair, and + use the private key to set the signature using + Phar::setSignatureAlgorithm. In addition, the public key + as extracted using this code: + + + + must be saved adjacent to the phar archive it verifies. If the phar archive + is saved as /path/to/my.phar, the public key must be saved + as /path/to/my.phar.pubkey, or phar will be unable to verify + the OpenSSL signature. + As of version 2.0.0, The Phar class also provides 3 static methods, Phar::webPhar, Phar::mungServer and Phar::interceptFileFuncs that are crucial