1
0
Fork 0

Merge pull request #8593 from sualko/patch-1

rename signature to checksum
pull/8597/head
Jordi Boggiano 2020-02-11 10:20:54 +01:00 committed by GitHub
commit 1848af32ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions

View File

@ -1,7 +1,7 @@
# How do I install Composer programmatically? # How do I install Composer programmatically?
As noted on the download page, the installer script contains a As noted on the download page, the installer script contains a
signature which changes when the installer code changes and as such checksum which changes when the installer code changes and as such
it should not be relied upon in the long term. it should not be relied upon in the long term.
An alternative is to use this script which only works with UNIX utilities: An alternative is to use this script which only works with UNIX utilities:
@ -9,13 +9,13 @@ An alternative is to use this script which only works with UNIX utilities:
```bash ```bash
#!/bin/sh #!/bin/sh
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ] if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
then then
>&2 echo 'ERROR: Invalid installer signature' >&2 echo 'ERROR: Invalid installer checksum'
rm composer-setup.php rm composer-setup.php
exit 1 exit 1
fi fi