1
0
Fork 0

Disable failure on hash mismatch until it can be proven to work reliably

pull/1241/merge
Jordi Boggiano 2012-10-21 16:10:47 +02:00
parent 3116c979d3
commit 338127ff9c
1 changed files with 8 additions and 1 deletions

View File

@ -414,7 +414,14 @@ class ComposerRepository extends ArrayRepository implements NotifiableRepository
$data = $json->read(); $data = $json->read();
$encoded = json_encode($data); $encoded = json_encode($data);
if ($sha256 && $sha256 !== hash('sha256', $encoded)) { if ($sha256 && $sha256 !== hash('sha256', $encoded)) {
throw new \UnexpectedValueException('The contents of '.$filename.' do not match its signature, this may be due to a temporary glitch or a man-in-the-middle attack, aborting for safety. Please try running Composer again.'); if ($retries) {
usleep(100);
continue;
}
// TODO throw SecurityException and abort once we are sure this can not happen accidentally
$this->io->write('<warning>The contents of '.$filename.' do not match its signature, this may be due to a temporary glitch or a man-in-the-middle attack. Please report this.</warning>');
} }
$this->cache->write($cacheKey, $encoded); $this->cache->write($cacheKey, $encoded);