I recently released the first stable versions of my phar-updater package. So there. Announced. Can I go back to playing Witcher 3 now?

In all seriousness, phar-updater is my implementation of recommendations I made in a previous blog post around self-updating PHAR files. Those recommendations were, predictably for me, largely concerned with self-updating from a security perspective. Implementing it brought ease of use and flexible integration to the fore also. It can be surprising what a little extra work, testing and packaging can accomplish for reuse compared to throwing code into one file and calling it a day. It’s been integrated into Humbug with nary an issue.

You can find all the gory details about the package in the Github README: https://github.com/padraic/phar-updater. Don’t panic. I added a contents table.

The phar-updater package covers a number of self-explanatory features:

  1. It supports updating currently running or other local PHARs.
  2. It supports updating from any generic remote URL (using SHA tracking), or from Github Releases using tags conforming to semantic versioning.
  3. It enforces TLS verification, and supports OpenSSL PHAR signatures.
  4. It has a simple version parser, allowing flexible configurable updates based on stability, pre-release status (alpha/beta/rc) and version number.
  5. You can perform remote checks for available updates.
  6. You can add custom remote strategies as needed.

This is all pretty much everything I’ll ever need from the package. It’s small, simple, and should require minimal maintenance. And…really, I have nothing more to type. I’m all typed out unless the keys are W, A, S and D.

You can see phar-updater’s API evident in Humbug which serves as a good example of how to use it in practice within a Symfony Console command: https://github.com/padraic/humbug/blob/master/src/Command/SelfUpdate.php