From 4baaacc193f207bc83a068d82ff39de8adc45e46 Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Tue, 28 Jun 2016 11:41:34 +0100
Subject: [PATCH] Add docs about installing composer programmatically, fixes
 #5474

---
 ...ow-to-install-composer-programmatically.md | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 doc/faqs/how-to-install-composer-programmatically.md

diff --git a/doc/faqs/how-to-install-composer-programmatically.md b/doc/faqs/how-to-install-composer-programmatically.md
new file mode 100644
index 000000000..3ea9529c7
--- /dev/null
+++ b/doc/faqs/how-to-install-composer-programmatically.md
@@ -0,0 +1,30 @@
+# How to install Composer programmatically?
+
+As noted on the download page, the installer script contains a
+signature which changes when the installer code changes and as such
+it should not be relied upon long term.
+
+An alternative is to use this script which only works with unix utils:
+
+```bash
+#!/bin/sh
+
+EXPECTED_SIGNATURE=$(wget https://composer.github.io/installer.sig -O - -q)
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")
+
+if [ "$EXPECTED_SIGNATURE" == "$ACTUAL_SIGNATURE" ]
+then
+    php composer-setup.php --quiet
+    RESULT=$?
+    rm composer-setup.php
+    exit $RESULT
+else
+    echo 'ERROR: Invalid installer signature'
+    rm composer-setup.php
+    exit 1
+fi
+```
+
+The script will exit with 1 in case of failure, or 0 on success, and is quiet
+if no error occurs.