Skip to content

add installation instructions for RPM packages#558

Merged
asgrim merged 2 commits intophp:1.4.xfrom
remicollet:issue-rpm
Apr 2, 2026
Merged

add installation instructions for RPM packages#558
asgrim merged 2 commits intophp:1.4.xfrom
remicollet:issue-rpm

Conversation

@remicollet
Copy link
Copy Markdown
Member

@remicollet remicollet commented Mar 19, 2026

  • add a Distribution packages section in the usage page
  • add RPM case

Other distro may be added later by their maintainers

@asgrim asgrim added the documentation Improvements or additions to documentation label Mar 23, 2026
@asgrim asgrim self-requested a review March 23, 2026 07:48
@remicollet
Copy link
Copy Markdown
Member Author

remicollet commented Mar 25, 2026

Amended for minor fix: Only EL-10 is supported

(because EL-8 has PHP 7.4 and EL-9 has PHP 8.0 by default)

@asgrim asgrim self-assigned this Apr 2, 2026
@asgrim asgrim added this to the 1.4.0 milestone Apr 2, 2026
@asgrim asgrim enabled auto-merge April 2, 2026 08:02
@asgrim asgrim merged commit f27cead into php:1.4.x Apr 2, 2026
24 checks passed
remicollet
remicollet commented Apr 2, 2026
View reviewed changes
docs/usage.md
sudo dnf install pie

# If you have `gh`, you can verify PIE is authentic:
gh attestation verify --owner=php $(which pie)
Copy link
Copy Markdown
Member Author

@remicollet remicollet Apr 2, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work for the RPM package, which is not the phar archive
It is signed by the build provider and can be verified using the rpm --verify command (always checked on install/update)

Copy link
Copy Markdown
Contributor

@asgrim asgrim Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not verifying the RPM, it is verifying the PHAR; which pie should return /usr/bin/pie in this case, which should be verifiable against the original owner (unless you have built the PHAR yourself, which I would not endorse)

Copy link
Copy Markdown
Member Author

@remicollet remicollet Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/usr/bin/pie is NOT the phar, so cannot be verified by the gh attestations

The package contains the "composer install" result tree (/usr/share/pie)
And the pie command is the one from this tree.

Copy link
Copy Markdown
Contributor

@asgrim asgrim Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you - I made a PR to remove this in #574

@remicollet remicollet deleted the issue-rpm branch April 2, 2026 08:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@asgrim asgrim asgrim approved these changes

Assignees

@asgrim asgrim

Labels

documentation Improvements or additions to documentation

Projects

None yet

Milestone

1.4.0

Development

Successfully merging this pull request may close these issues.

2 participants

@remicollet @asgrim