From 338127ff9c212a04557d1cfa154a49a5c3f49466 Mon Sep 17 00:00:00 2001 From: Jordi Boggiano Date: Sun, 21 Oct 2012 16:10:47 +0200 Subject: [PATCH] Disable failure on hash mismatch until it can be proven to work reliably --- src/Composer/Repository/ComposerRepository.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/Composer/Repository/ComposerRepository.php b/src/Composer/Repository/ComposerRepository.php index 03d18c3ca..571df903b 100644 --- a/src/Composer/Repository/ComposerRepository.php +++ b/src/Composer/Repository/ComposerRepository.php @@ -414,7 +414,14 @@ class ComposerRepository extends ArrayRepository implements NotifiableRepository $data = $json->read(); $encoded = json_encode($data); if ($sha256 && $sha256 !== hash('sha256', $encoded)) { - throw new \UnexpectedValueException('The contents of '.$filename.' do not match its signature, this may be due to a temporary glitch or a man-in-the-middle attack, aborting for safety. Please try running Composer again.'); + if ($retries) { + usleep(100); + + continue; + } + + // TODO throw SecurityException and abort once we are sure this can not happen accidentally + $this->io->write('The contents of '.$filename.' do not match its signature, this may be due to a temporary glitch or a man-in-the-middle attack. Please report this.'); } $this->cache->write($cacheKey, $encoded);