Read-only phar archives

When you’re building a `.phar` archive and you receive this error:
PHP Fatal error: Uncaught exception 'UnexpectedValueException' with message 'Cannot write out phar archive, phar is read-only' in ..../bin/build:19
you need to set phar.readonly to Off in your php.ini file.

phar.readonly = Off

This is what the php docs say about it:

This option disables creation or modification of Phar archives using the phar stream or Phar object’s write support. This setting should always be enabled on production machines, as the phar extension’s convenient write support could allow straightforward creation of a php-based virus when coupled with other common security vulnerabilities.

Note:

This setting can only be unset in php.ini due to security reasons. If phar.readonly is disabled in php.ini, the user may enable phar.readonly in a script or disable it later. If phar.readonly is enabled in php.ini, a script may harmlessly “re-enable” the INI variable, but may not disable it.

Leave a Reply