With the growing number of Composer packages in the PHP Universe, we have more integrations. On the downside, we get more and more version conflicts. n98-magerun, especially Version 2, has to to deal with a wide range of dependencies. One of the advantages of n98-magerun is that you are able to manage multiple Magento versions with only one tool installation. This means that we as maintainer have to support various different Magento dependencies at once. Maybe this is not anymore possible in the future, according to unresolvable conflicts with new Magento dependencies.
This is one of the purposes that we recommend the use of the .phar distribution over of a Composer installation. Other tools have similar problems. That is why Phive was created.
What is Phive
Phive is a tool manage tool distributed as phar file. Have a look on https://phar.io to see a list of popular tools like PHPUnit, PHPStan, phpDoc etc. which can easily be installed with Phive.
New in the list of available tools is “n98-magerun” and “n98-magerun2”.
How does this works?
First, you install Phive on your machine.
gpg --keyserver hkps.pool.sks-keyservers.net --recv-keys 0x9B2D5D79
gpg --verify phive.phar.asc phive.phar
chmod +x phive.phar
sudo mv phive.phar /usr/bin/phive
Now you can install n98-magerun with Phive in your Project.
phive install n98-magerun
Phive downloads the .phar file and puts it under ~/.phive. In the project only a symlink will be generated. It is also possible to install different versions of one tool. Every project can have it’s own tool dependencies.
Phive creates a “phive.xml” file in your project root directory. In this file you can specify version contraint similar to composer’s contraints for the targeted tools.
<?xml version="1.0" encoding="UTF-8"?>
<phar name="n98-magerun2" version="^2.0.0" installed="2.0.0" location="./tools/n98-magerun2"/>
<phar name="n98-magerun" version="^1.100.0" installed="1.100.0" location="./tools/n98-magerun"/>
For a good security, all phar files are checked against a GPG key. We added support for GPG Signature checks to our files.
On our download site, we provide the SHA-256 and the GPG Signature to verify the download manually. If you download with Phive, GPG verification is already included.
To download the GPG signature manually, add “.asc” to the download URL of the phar file.
GPG Signature: https://files.magerun.net/n98-magerun-latest.phar.asc
A verification can be done with this script:
curl -O https://files.magerun.net/n98-magerun-latest.phar
curl -O https://files.magerun.net/n98-magerun-latest.phar.asc
gpg --verify n98-magerun-latest.phar.asc n98-magerun-latest.phar
We hope you like the new additional way to download n98-magerun 1/2.