unable to use .phar due unsupported signature error #1948

Closed
glensc opened this issue Nov 9, 2015 · 27 comments

@glensc

glensc commented Nov 9, 2015

i'm unable to figure out what is causing this. other phar files (composer, php-cs-fixer, ..) run fine in this system.

➔ php56 phpunit.phar  --version
PHP Fatal error:  Uncaught exception 'PharException' with message 'phar "/tmp/phpunit.phar" has a unsupported signature' in /tmp/phpunit.phar:21
Stack trace:
#0 /tmp/phpunit.phar(21): Phar::mapPhar('phpunit-5.0.8.p...')
#1 {main}
  thrown in /tmp/phpunit.phar on line 21

and i do not have suhosin extension nor patch present like mentioned in #1694

extensions present:

➔ php -m | grep -Ei 'phar|zip|zlib|bz2|ssl'
bz2
openssl
Phar
zip
zlib

@sebastianbergmann
Owner

This makes no sense to me.

@glensc
Author

glensc commented Nov 10, 2015

me neither, that's why the bug. anything else i could try looking at? i tried strace(1), but nothing suspicious there.

btw, i found some older .phar files i have downloaded, and these do work:

➔ ./phpunit-lts.phar --version
PHPUnit 3.7.37 by Sebastian Bergmann.

➔ ./phpunit.phar --version
PHPUnit 4.2.2 by Sebastian Bergmann.

➔ ls -l --full phpunit*phar
-rwxrwxr-x 1 glen glen 4.4M 2014-04-30 15:27:11.000000000 +0300 phpunit-lts.phar*
-rwxrwxr-x 1 glen glen 3.2M 2014-08-18 08:14:16.000000000 +0300 phpunit.phar*

@sebastianbergmann
Owner

The PHPUnit PHAR is not signed using a mechanism provided by the PHAR extension. I do not understand how PHP complains about an illegal signature if there is no signature for it to check.

@glensc
Author

glensc commented Nov 10, 2015

maybe you know what has changed with phar making process considering that two versions mentioned above did work.

@theseer
Collaborator

theseer commented Nov 10, 2015

theseer@nyda ~/Desktop/xx $ phar info phpunit-5.0.0.phar 
Unexpected default arguments to command info, check /usr/bin/phar help
theseer@nyda ~/Desktop/xx $ phar info -f phpunit-5.0.0.phar 
Alias:              phpunit-5.0.0.phar
Hash-type:          SHA-512
Hash:               B8AE97E12615C13B8C675D5BC0E6F62ABB26CF377B024A882DDC476D652CD138394382FBD41E14B5C72E0733530BE8D36088430E127ED75D33A342EDC09087F5
Entries:            531
Uncompressed-files: 531
Compressed-files:   0
Compressed-gz:      0
Compressed-bz2:     0
Uncompressed-size:  2686117
Compressed-size:    2686117
Compression-ratio:  100%
Metadata-global:    0
Metadata-files:     0
Stub-size:          47718
theseer@nyda ~/Desktop/xx $ wget https://phar.phpunit.de/phpunit-4.6.9.phar
--2015-11-10 15:33:52--  https://phar.phpunit.de/phpunit-4.6.9.phar
Resolving phar.phpunit.de (phar.phpunit.de)... 188.94.27.25
Connecting to phar.phpunit.de (phar.phpunit.de)|188.94.27.25|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3146137 (3,0M) [application/octet-stream]
Saving to: ‘phpunit-4.6.9.phar’

phpunit-4.6.9.phar                         100%[========================================================================================>]   3,00M   676KB/s   in 5,0s   

2015-11-10 15:33:57 (610 KB/s) - ‘phpunit-4.6.9.phar’ saved [3146137/3146137]

theseer@nyda ~/Desktop/xx $ phar info -f phpunit-4.6.9.phar 
Alias:              phpunit-4.6.9.phar
Hash-type:          SHA-1
Hash:               39AF13CA2EF8B206074B67A717412CD064520E13
Entries:            569
Uncompressed-files: 569
Compressed-files:   0
Compressed-gz:      0
Compressed-bz2:     0
Uncompressed-size:  3050389
Compressed-size:    3050389
Compression-ratio:  100%
Metadata-global:    0
Metadata-files:     0
Stub-size:          49601

The later PHPUnit phars have a SHA512 hash, while the older ones have SHA1. If you have an (old?) PHP version not supporting SHA512...

@theseer
Collaborator

theseer commented Nov 10, 2015

Addition: phpab (which is used to build the phar) checks the list of supported/preferred hash algorithms (https://github.com/theseer/Autoload/blob/master/src/PharBuilder.php#L101) and picks the best one available. It seems like the PHP environment this phpunit.phar is being executed in does not support SHA-512 yet.

I guess it would make sense to provide a switch for phpab to force a certain hashing algorithm. I'll add that to phpab.

@sebastianbergmann
Owner

Looks like at some point SHA-512 became available as a hash for PHARs on the machine where I build the releases. Once @theseer has released a new version of phpab with a commandline option to force the usage of legacy SHA-1 hashes I will use that.

@glensc
Author

glensc commented Nov 10, 2015

super!

@sebastianbergmann
Owner

Thank you, @glensc, for bringing this to my attention. And for being persistent enough to convince me that there is something wrong :-) And thanks to @theseer for investigating the issue.

@sebastianbergmann
Owner

What I don't get, though, is why @glensc's build of PHP 5.6 has no support for SHA-256 checksums of PHAR files.

@glensc
Author

glensc commented Nov 10, 2015

because PHP is crap:

# - WARNING: Phar: sha256/sha512 signature support disabled if ext/hash is
#   built shared, also PHAR_HAVE_OPENSSL is false if openssl is built shared.
#   make it runtime dep and add Suggests (or php warning messages)

it (PHP) has shared modules support, but it's crippled because some assumptions made compile time, not run time. it's perfectly fine to use symbols from other shared modules, but they do that decision at compile time. sigh.

it has been long time in TODO and investigate and find a fix.

@theseer
Collaborator

theseer commented Nov 10, 2015

It's even documented: http://php.net/manual/en/phar.constants.php

@glensc
Author

glensc commented Nov 10, 2015

i have hash extension (shared one)!

➔ php56 -m | grep -Ei 'phar|zip|zlib|bz2|ssl|hash'
bz2
hash
mhash
openssl
Phar
zip
zlib

@theseer
Collaborator

theseer commented Nov 10, 2015

Doesn't seem to have helped in terms of the phar extension and its hash support.
Are you running the PLD's php rpm with the issue you mentioned before?

I'm already working on having phpab provide an option to specify the hash type to use. Not convinced though going back to SHA-1 only is the best option given the recent issues with said algorithm.

@glensc
Author

glensc commented Nov 10, 2015

@theseer not sure i understand your question. yes i'm using that rpm package, why else would i link to that package's TODO?

@theseer
Collaborator

theseer commented Nov 10, 2015

I was just wondering if you could or did verify that the problem vanishes if a non-PLD-build of PHP is used.

@glensc
Author

glensc commented Nov 10, 2015

the problem exists if hash extension is built shared (maybe openssl has to be shared too), as i said and noted, the check is compile time not run time. stupid php.

@theseer
Collaborator

theseer commented Nov 10, 2015

This was mere curiosity since the problem does not show up on fedora/redhat/centos with PHP installed from their RPMs. So they either do not build it shared or found some other way around that issue, regardless it being stupid on the PHP end.

@theseer
Collaborator

theseer commented Nov 10, 2015

Okay, just checked remi's spec file: https://github.com/remicollet/remirepo/blob/master/php/php56/php56.spec#L1150 - so it's always static and not shared.

@glensc
Author

glensc commented Nov 10, 2015

i will try to make the check runtime, but it will likely take some time depending how complicated the change would be :)

@glensc
Author

glensc commented Nov 10, 2015

similar problem is with getimagesize() for which in our distro fix was simple

@glensc
Author

glensc commented Nov 11, 2015

confirmed fixed:

➔ php56 phpunit.phar --version
PHPUnit 5.0.9 by Sebastian Bergmann and contributors.

➔ php phpunit-old.phar --version
PHPUnit 4.8.17 by Sebastian Bergmann and contributors.

@glensc
Author

glensc commented Nov 17, 2015

some background information, this is the check to make to see if ext/phar lacks the support:

➔ php -r 'print_r(Phar::getSupportedSignatures());'
Array
(
    [0] => MD5
    [1] => SHA-1
    [2] => OpenSSL
)

@theseer
Collaborator

theseer commented Nov 18, 2015

That check doesn't help for phpunit since you cannot even open the phar file in a PHP environment where the selected signature format is not available. Checking for supported types on the build machine doesn't fix that - and by the way was what phpab was already doing anyhow (https://github.com/theseer/Autoload/blob/master/src/PharBuilder.php#L117).

@glensc
Author

glensc commented Nov 19, 2015

@theseer yes, i posted info here, so if somebody else comes across this ticket, can run the check. the check wasn't intended to be incorporated to phpunit phar.

and for the sake of archive, i suggest to change your link to permalink (some tag not master), so it would be pointing to proper file/line in the future as well.

glensc added a commit to pld-linux/php that referenced this issue Nov 20, 2015
glensc added a commit to pld-linux/php that referenced this issue Apr 23, 2016
thus phar requires hash extension now

test phar:
https://phar.phpunit.de/phpunit-4.8.16.phar

see problem analyze here:
sebastianbergmann/phpunit#1948

cherry-picked 56b53eb

@steinhaug

I had a similar problem today, and after recompiling and building this PHAR file in all possible ways in an attempt to have it work on the server... Problem was my FTP software had been reset in its configuration so I was uploading files in ASCII and did not use my head - PHAR files definitely need to be BINARY. After reuploading files in BINARY.. never had this error again.

Hope this solves your problem too!
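
Added example, not part of the thread and not PHPUnit or phpab code: because a PHP build without SHA-512 support cannot open the archive at all, this Python script reads the signature type straight from the file trailer and rechecks the digest, which also catches the text-mode transfer damage described in the last comment. It assumes the native phar layout (digest, 4-byte little-endian flag, `GBMB` magic at the end of the file); `inspect_phar` and `build_sample` are names made up for this example, and the sample archive is constructed.

```python
import hashlib
import struct
import sys

# Trailer flag values; they match the Phar::MD5, Phar::SHA1, Phar::SHA256,
# Phar::SHA512 and Phar::OPENSSL class constants.
SIG_TYPES = {
    0x0001: ("MD5", "md5"),
    0x0002: ("SHA-1", "sha1"),
    0x0003: ("SHA-256", "sha256"),
    0x0004: ("SHA-512", "sha512"),
    0x0010: ("OpenSSL", None),  # public-key signature, not verified here
}
MAGIC = b"GBMB"  # last four bytes of a signed native-format phar


def inspect_phar(data: bytes) -> dict:
    """Report the signature type of a phar and whether its digest matches."""
    if len(data) < 8 or data[-4:] != MAGIC:
        return {"type": None, "valid": False, "reason": "no GBMB trailer"}
    (flag,) = struct.unpack("<I", data[-8:-4])  # 4-byte little-endian flag
    if flag not in SIG_TYPES:
        return {"type": None, "valid": False, "reason": f"unknown flag {flag:#x}"}
    name, algo = SIG_TYPES[flag]
    if algo is None:
        return {"type": name, "valid": None, "reason": "digest check not applicable"}
    size = hashlib.new(algo).digest_size
    if len(data) < size + 8:
        return {"type": name, "valid": False, "reason": "file too short"}
    # The digest covers every byte that precedes it in the file.
    body, stored = data[:-(size + 8)], data[-(size + 8):-8]
    ok = hashlib.new(algo, body).digest() == stored
    return {"type": name, "valid": ok, "reason": "ok" if ok else "digest mismatch"}


def build_sample(body: bytes, flag: int) -> bytes:
    """Constructed input for the demo: body + digest + flag + magic."""
    algo = SIG_TYPES[flag][1]
    return body + hashlib.new(algo, body).digest() + struct.pack("<I", flag) + MAGIC


if __name__ == "__main__":
    if len(sys.argv) > 1:  # inspect a real file: python phar_sig.py phpunit.phar
        with open(sys.argv[1], "rb") as fh:
            print(inspect_phar(fh.read()))
    else:
        good = build_sample(b"<?php\n__HALT_COMPILER(); ?>\n", 0x0004)
        print(inspect_phar(good))                          # SHA-512, valid
        print(inspect_phar(good.replace(b"\n", b"\r\n")))  # as after a text-mode transfer
```

A reported type that is missing from the `Phar::getSupportedSignatures()` output on the target host points to the build problem discussed in this thread, while a digest mismatch points to a damaged file.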
