php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77229 Phar::buildFromDirectory() generates tar archives in 'PAX' format
Submitted: 2018-12-03 02:54 UTC Modified: 2020-11-26 13:28 UTC
Votes:2
Avg. Score:4.0 ± 1.0
Reproduced:1 of 2 (50.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: michae dot lee at zerustech dot com Assigned:
Status: Analyzed Package: PHAR related
PHP Version: 7.4 OS: macOS High Sierra 10.13.6
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: michae dot lee at zerustech dot com
New email:
PHP Version: OS:

 

 [2018-12-03 02:54 UTC] michae dot lee at zerustech dot com
Description:
------------
The `Phar::buildFromDirectory()` method generates tar archives in `PAX` format, so different tar archives that contain the same files may have different `sha1` checksums.

Test script:
---------------
<?php
  // mkdir test && echo 'hello' > test/test.txt
  $phar = new \PharData('a.tar');
  $phar->buildFromDirectory('test');
  // sleep for 1 second to produce different atime.
  sleep(1);
  $phar = new \PharData('b.tar');
  $phar->buildFromDirectory('test');
  echo sha1_file('a.tar') . "\n";                                                                                          
  echo sha1_file('b.tar') . "\n";
  // a.tar and b.tar contain the same files, but have different checksums
  // Looks like the `buildFromDirectory()` method generates tar archives
  // with `PAX` headers. Calling "tar --format=ustar -cf ..." from command line
  // resolves this issue.

Expected result:
----------------
The sha1 checksums for a.tar and b.tar should be the same.

Actual result:
--------------
The sha1 checksums for a.tar and b.tar are different.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-03 03:46 UTC] michae dot lee at zerustech dot com
PHP version is 7.2.4
 [2018-12-03 08:15 UTC] petk@php.net
-PHP Version: Irrelevant +PHP Version: 7.2.4
 [2018-12-04 06:03 UTC] hanskrentel at yahoo dot de
It can also be - I think like w/ from iterator - that temporary files are in use behind the secenes with new timestamps in each operation and therefore changing the checksum.

To create phar file in a reproducible manner it normally needs to store the phar file and then to modify the binary records resetting the timestamps in there, e.g. to the latest timestamp of the revision in CVS or in your example you perhaps want to keep track of file-system timestamps and binary edit the phar file to sync those w/ the file-system.

See the phar build script in the composer project for some reference on how to do that.
 [2020-11-26 13:28 UTC] cmb@php.net
-Status: Open +Status: Analyzed -PHP Version: 7.2.4 +PHP Version: 7.4
 [2020-11-26 13:28 UTC] cmb@php.net
This has nothing to do with PAX format (phar tars are in ustar
format), but rather is related to the basic tar format, which is
supposed to store the mtime in header bytes 136-147, but we're
storing the current time[1].

[1] <https://github.com/php/php-src/blob/php-7.4.13/ext/phar/util.c#L577>
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Oct 07 11:01:28 2024 UTC