box-project / box

📦🚀 Fast, zero config application bundler with PHARs.
https://box-project.github.io/box
MIT License

PHAR RFC #1154

Open theofidry opened 8 months ago

theofidry commented 8 months ago

This is a meta document to keep track of what could be submitted to PHP core.

Deprecate the OpenSSL signature.

As explained here, the PHAR signature provides no guarantee whatsoever and the OpenSSL signature is especially bad as it is:

Allow setting the timestamp of the PHAR

Make https://github.com/Seldaek/phar-utils obsolete.

Deprecate the Metadata

See #1152.

Provide a new method to retrieve the manifest

Since we have industry standards such as SBOM or libraries like Manifest, it could make sense to have a `Phar::getManifest()` method.

theofidry commented 7 months ago

idea: throw a proper exception when it couldn't compress due to the file descriptor limit

theofidry commented 6 months ago

To format:

# Document to write ideas of what should be in PHP src

## Extension name

From PackageInfo / Extension

```php
// Some extension names differ between how they are registered in composer.json
// and the name used when doing an `extension_loaded()` check.
// See https://github.com/box-project/box/issues/653.
private const EXTENSION_NAME_MAP = [
    'zend-opcache' => 'zend opcache',
];
```

## More compression algorithms

## Deprecate Metadata

## Get Manifest

## Default hash algorithm

## Deprecate OpenSSL signing

## (unrelated) Propose ::create(...) or ::__construct(...) or Foo(...) (i.e. the classname)

## PharUtils::setTimestamp()