Chances are, you've seen the acronym PEAR at some point in your use of PHP, whether it was in passing or when installing and using a package from pear.php.net. If you've investigated, you might have probably heard of popular software provided by PEAR, such as the DB database abstraction package, or the HTML_QuickForm package. What you may not realize is that PEAR is much more than just a collection of packages that you can use. PEAR also contains the most versatile installation program for PHP, the PEAR installer. With the PEAR installer, you can do much more than just install packages from pear.php.net. You can install packages from other PEAR channels, distribute your own software projects using your own PEAR channel, and even maintain a complex intranet web project, all using the PEAR installer. Surprised? Read on, this book will reveal the intimate secrets of the PEAR installer and how it will revolutionize your everyday development with the PHP programming language.
The primary purpose of PEAR is to support code reuse. PEAR stands for the PHP Extension and Application Repository. PEAR provides both an advanced installer and a code repository at http://pear.php.net. Unlike competing PHP code repositories that you may be familiar with such as http://www.phpclasses.org or general purpose development sites like http://www.sourceforge.net, all PEAR code is organized into discrete reusable components called packages. A package consists of a group of files and a descriptor file called package.xml that contains meta-data about the package's contents, such as the package version, any special dependencies, and textual information such as the package description and authors.
Although most packages contain PHP code, there is no special restriction on the contents of a package. Some packages, such as http://pear.php.net/HTML_AJAX provide JavaScript files as well as PHP files. One of the example packages mentioned in Chapter 4 bundles only MP3 music files. Literally anything you can save as a file can be distributed in a PEAR package.
The software that transforms a package from an inert grouping of files into a dynamic software package is called the PEAR installer and is itself a PEAR package, located at http://pear.php.net/PEAR. In other words, the PEAR installer can be used to upgrade itself. It is truly a very powerful application.
Traditionally, PHP software has been distributed with a passive installation approach, following these typical steps:
1. Download a
.zipor a.tar.gzcontaining all the files of the application2. Decompress the files into a folder in your website's document root
3. Read the Readme and Install files
4. Do various post-installation tasks, creating files, checking requirements
5. Test it
6. Often, changes are required at the system-level changes (adding extensions to
php.ini, changingphp.inisettings, upgrading PHP itself)
For lack of a better name, we'll call this the "unzip-and-go" system of PHP software distribution. Although this in fact works very well for small, single-developer low-traffic websites, it contains a hidden cost that is not immediately apparent. There is one single fact about the unzip-and-go software installation system that limits its ultimate usefulness:
In today's fast-paced development world, one of the weaknesses of the Internet is security. Quite often, serious security vulnerabilities are discovered in software that requires an immediate upgrade to fix. When using a complete unzip-and-go software application, upgrading involves a large degree of risk. First of all, once the upgrade is complete, if the software is broken, reverting the upgrade requires either restoring from a backup or re-installing the old software. Reverting to an earlier package version with the PEAR installer is a one-line command and is very straightforward.
Note
Why is Upgrading Necessary at all if the Code is Working?
Just a month before writing this chapter, our hosting provider's website was compromised. Due to a number of unfortunate events, I was completely locked out of our server for an unacceptable period of time and we lost business as a result of the delay in receiving important emails.
The cause of this compromise was—an innocent installation of an outdated copy of a CVS viewing program. The program contained an arbitrary PHP execution vulnerability, and the systems administrator had not upgraded to the latest version because it was tremendously difficult to upgrade the viewing software.
Had this same software been distributed as a PEAR package, upgrading would have been a one-line command as follows:
$ pear upgrade PackageName
The lost business would have never been a problem then. In today's world, upgrading software is in fact critical to the long-term success of any website, no matter how large or small.
The advantages of using the PEAR installer over a simple unzip-and-go solution are most apparent when projects grow in complexity. Let's look at a short list of the advantages:
File conflicts are not possible
Problems caused by incompatible PHP versions/PHP extensions/PHP code are all handled by advanced dependency resolution
Distributing application development between different sites is simple due to the revolutionary new PEAR channels feature introduced in PEAR version 1.4.0 (Chapter 5 is devoted to exploration of PEAR channels)
All installation configurations can be handled in a standardized and consistent way for all packages—once you learn how to handle one PEAR package; all the others are handled in the same way.
Versioning of code allows clear fault resolution as well as the ability to revert changes that break code.
Before using the PEAR installer, it is important to understand the disadvantages of using the PEAR installer over unzip-and-go:
The PEAR installer itself must be installed on the development machine and preferably on the server (although this is no longer required thanks to the PEAR_RemoteInstaller package, discussed in section 1.3.3.1, Synchronizing to a server with no shell access using PEAR_RemoteInstaller).
If you are distributing your own packages, you need a full understanding of the
package.xmldescription file, and possibly an understanding of PEAR channels in order to set one up yourself.Depending on relative file locations is not always possible through traditional means. This is due to the flexibility of PEAR configuration. Rather than relying upon
dirname(__FILE__), a PEAR-specific way must be used, such as file replacement tasks (discussed in Chapter 2).
The most significant barrier to using PEAR has traditionally been the effort it takes to install the PEAR installer itself, and this has been the focus of recent efforts to improve the installer's installation process. There is a great deal of possibility in recent innovations made possible by PHP version 5.1.0 or newer, as evidenced by work made possible by the PHP_Archive PEAR package (http://pear.php.net/PHP_Archive) and its sibling, the phar PECL extension (http://pecl.php.net/phar). These packages enable the distribution of an application in a single file that greatly enhances the capabilities of an installer.
The most important innovation of the PEAR installer is PEAR channels, something that no other package distribution mechanism supports. PEAR channels are a simple way to easily install packages from multiple sources over the Internet.
Through the use of PEAR channels, applications can reliably depend on code from several unrelated sources. Some of the more prominent channels are:
pear.php.net:PEAR itself is a channelpecl.php.net:PECL is for PHP extensions what PEAR is to regular PHP packagesgnope.org:PHP-GTK2 channelpear.chiaraquartet.net:The first PEAR channel outside thephp.netdomaincomponents.ez.no:eZ components PEAR channelpearified.com:source of PEAR-packaged Smarty, phpMyAdmin and others
Also of interest are channel aggregators like:
http://www.pearadise.com: Tobias Schlitt's PEAR channel aggregator
http://www.pearified.com: The channel aggregator portion of the pearified channel
http://www.upear.com: Another aggregator
Each PEAR channel distributes code fitting a wide variety of needs.