ext/phar: inject timestamp for flushing

[Girgias]

The objective of this is to potentially allow userland to set the timestamp to allow building reproducible phars.

People this might interest in the long run:

• @theofidry
• @drupol
• @Ocramius

[drupol]

Thanks for this !

If I understand correctly, getting time from SOURCE_DATE_EPOCH is not an option here ?

[ndossche]

I also had this to deal with userland objects & reproducible phars, that came from a discussion in another's repo. #14143
However, no one of the original participants reacted to this after all, so ig the reproducible phar interest isn't as large as the crowd makes it out to be ;)

I'd have to think how this all fits together with reproducibility etc and if this is the "easiest" way etc...

[theofidry]

I vaguely remember #14143, I admit I'm a bit lost there I would need to dig back into that. But vague understanding is that it is about getting the correct value for the timestamp instead whatever value the PHAR was created at.

My naïve understand of the issue is that at the moment when you build a PHAR there is simply no API to set the timestamp.

For context, what most people use in practice in PHP land is use seld/phar-utils which reads the file and look up at the position to directly update the timestamp there, with the caveat that it needs to re-sign the PHAR.

So ideally would be cool to simply be able to do $phar->setTimestamp() somehow. This way you preserve the existing behaviour and do not break anything by default but users can set it to SOURCE_DATE_EPOCH or other for the sake of reproducible builds. The question would be how you deal with the signing though... Ideally, it would respect it, or you could say it needs to be set before signing but then signing doesn't override it (well actually I don't think it does, it's just because phar-utils changes the content after signing, so maybe there is nothing to do there...)