Self-Updating PHARs: Stable phar-updater packages now available
I recently released the first stable versions of my phar-updater package. So there. Announced. Can I go back to playing Witcher 3 now?
In all seriousness, phar-updater is my implementation of recommendations I made in a previous blog post around self-updating PHAR files. Those recommendations were, predictably for me, largely concerned with self-updating from a security perspective. Implementing it brought ease of use and flexible integration to the fore also. It can be surprising what a little extra work, testing and packaging can accomplish for reuse compared to throwing code into one file and calling it a day. It’s been integrated into Humbug with nary an issue.
You can find all the gory details about the package in the Github README: https://github.com/padraic/phar-updater. Don’t panic. I added a contents table.
The phar-updater package covers a number of self-explanatory features:
- It supports updating currently running or other local PHARs.
- It supports updating from any generic remote URL (using SHA tracking), or from Github Releases using tags conforming to semantic versioning.
- It enforces TLS verification, and supports OpenSSL PHAR signatures.
- It has a simple version parser, allowing flexible configurable updates based on stability, pre-release status (alpha/beta/rc) and version number.
- You can perform remote checks for available updates.
- You can add custom remote strategies as needed.
This is all pretty much everything I’ll ever need from the package. It’s small, simple, and should require minimal maintenance. And…really, I have nothing more to type. I’m all typed out unless the keys are W, A, S and D.
You can see phar-updater’s API evident in Humbug which serves as a good example of how to use it in practice within a Symfony Console command: https://github.com/padraic/humbug/blob/master/src/Command/SelfUpdate.php