Skip to content

add installation instructions for RPM packages #558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
asgrim merged 2 commits into from
Apr 2, 2026
+31 −0
Merged

add installation instructions for RPM packages #558

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
78ed2dc
add installation instructions for RPM packages
remicollet Mar 19, 2026
030600b
Added warning about distribution packages and Brew instructions
asgrim Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 31 additions & 0 deletions docs/usage.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,37 @@ curl -fL --output /tmp/pie.phar https://github.com/php/pie/releases/latest/downl
&& sudo chmod +x /usr/local/bin/pie
```

### Distribution packages

> [!WARNING]
> Distribution packages are not maintained by PIE, so may not have the latest version, may have patches applied, or
> the instructions here may be out of date. You should verify the distribution packages before using them.

#### Fedora and Enterprise Linux 10

On Enterprise Linux (CentOS, RHEL, AlmaLinux, RockyLinux, and other clones) you
need to enable the [EPEL](https://docs.fedoraproject.org/en-US/epel/) repository.

```shell
sudo dnf install pie

# If you have `gh`, you can verify PIE is authentic:
gh attestation verify --owner=php $(which pie)
Copy link
Copy Markdown
Member Author

@remicollet remicollet Apr 2, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This won't work for the RPM package, which is not the phar archive
It is signed by the build provider and can be verified using the rpm --verify command (always checked on install/update)

Copy link
Copy Markdown
Contributor

@asgrim asgrim Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not verifying the RPM, it is verifying the PHAR; which pie should return /usr/bin/pie in this case, which should be verifiable against the original owner (unless you have built the PHAR yourself, which I would not endorse)

Copy link
Copy Markdown
Member Author

@remicollet remicollet Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/usr/bin/pie is NOT the phar, so cannot be verified by the gh attestations

The package contains the "composer install" result tree (/usr/share/pie)
And the pie command is the one from this tree.

Copy link
Copy Markdown
Contributor

@asgrim asgrim Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you - I made a PR to remove this in #574

```

Package information: [pie](https://src.fedoraproject.org/rpms/pie)

#### Homebrew

PIE can be installed with Homebrew with:

```shell
brew install pie

# If you have `gh`, you can verify PIE is authentic:
gh attestation verify --owner=php $(which pie)
```

### Docker installation

PIE is published as binary-only Docker image, so you can use it easily during your Docker build:
Expand Down
Loading