1
0
Fork 0

Minimal documentation updates

pull/2745/head
Pádraic Brady 2014-03-02 18:24:03 +00:00
parent 49414a9790
commit 69bbe0918d
2 changed files with 35 additions and 1 deletions

View File

@ -121,7 +121,9 @@ composer.phar:
C:\Users\username>cd C:\bin C:\Users\username>cd C:\bin
C:\bin>php -r "readfile('https://getcomposer.org/installer');" | php C:\bin>php -r "readfile('https://getcomposer.org/installer');" | php
> **Note:** If the above fails due to readfile, use the `http` url or enable php_openssl.dll in php.ini > **Note:** If the above fails due to readfile, enable php_openssl.dll in php.ini.
> You may use the http URL, however this will leave the request susceptible to a
> Man-In-The-Middle (MITM) attack.
Create a new `composer.bat` file alongside `composer.phar`: Create a new `composer.bat` file alongside `composer.phar`:
@ -152,6 +154,14 @@ run this instead:
Following the [example above](#declaring-dependencies), this will download Following the [example above](#declaring-dependencies), this will download
monolog into the `vendor/monolog/monolog` directory. monolog into the `vendor/monolog/monolog` directory.
> **Note:** Composer will attempt to protect all HTTPS requests using SSL/TLS. It
> implements peer verification using a certificate bundle, either one installed on
> the local system or a copy distributed with Composer. You may also pass the path
> to a bundle using the --cafile option for most commands. While you can also
> disable peer verification by passing the --disable-tls option, this is not
> recommended and will leave all downloads susceptible to Man-In-The-Middle (MITM)
> attacks.
## Autoloading ## Autoloading
Besides downloading the library, Composer also prepares an autoload file that's Besides downloading the library, Composer also prepares an autoload file that's

View File

@ -88,6 +88,8 @@ resolution.
* **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster
autoloader. This is recommended especially for production, but can take autoloader. This is recommended especially for production, but can take
a bit of time to run so it is currently not done by default. a bit of time to run so it is currently not done by default.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## update ## update
@ -125,6 +127,8 @@ You can also use wildcards to update a bunch of packages at once:
lock file being out of date. lock file being out of date.
* **--with-dependencies** Add also all dependencies of whitelisted packages to the whitelist. * **--with-dependencies** Add also all dependencies of whitelisted packages to the whitelist.
So all packages with their dependencies are updated recursively. So all packages with their dependencies are updated recursively.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## require ## require
@ -151,6 +155,8 @@ to the command.
terminals or scripts which don't handle backspace characters. terminals or scripts which don't handle backspace characters.
* **--update-with-dependencies** Also update dependencies of the newly * **--update-with-dependencies** Also update dependencies of the newly
required packages. required packages.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## global ## global
@ -183,6 +189,8 @@ You can also search for more than one term by passing multiple arguments.
### Options ### Options
* **--only-name (-N):** Search only in name. * **--only-name (-N):** Search only in name.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## show ## show
@ -220,6 +228,8 @@ specific version.
* **--installed (-i):** List the packages that are installed. * **--installed (-i):** List the packages that are installed.
* **--platform (-p):** List only platform packages (php & extensions). * **--platform (-p):** List only platform packages (php & extensions).
* **--self (-s):** List the root package info. * **--self (-s):** List the root package info.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## depends ## depends
@ -284,6 +294,8 @@ you may have to run the command with `root` privileges
* **--rollback (-r):** Rollback to the last version you had installed. * **--rollback (-r):** Rollback to the last version you had installed.
* **--clean-backups:** Delete old backups during an update. This makes the current version of composer the only backup available after the update. * **--clean-backups:** Delete old backups during an update. This makes the current version of composer the only backup available after the update.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## config ## config
@ -368,6 +380,8 @@ By default the command checks for the packages on packagist.org.
* **--keep-vcs:** Skip the deletion of the VCS metadata for the created * **--keep-vcs:** Skip the deletion of the VCS metadata for the created
project. This is mostly useful if you run the command in non-interactive project. This is mostly useful if you run the command in non-interactive
mode. mode.
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## dump-autoload ## dump-autoload
@ -406,6 +420,11 @@ problems.
$ php composer.phar diagnose $ php composer.phar diagnose
### Options
* **--disable-tls:** Display SSL/TLS peer verification.
* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
## archive ## archive
This command is used to generate a zip/tar archive for a given package in a This command is used to generate a zip/tar archive for a given package in a
@ -525,6 +544,11 @@ By default it points to $COMPOSER_HOME/cache on \*nix and OSX, and
This env var controls the time composer waits for commands (such as git This env var controls the time composer waits for commands (such as git
commands) to finish executing. The default value is 300 seconds (5 minutes). commands) to finish executing. The default value is 300 seconds (5 minutes).
### COMPOSER_CAFILE
By setting this environmental value, you can set a path to a certificate bundle
file to be used during SSL/TLS peer verification.
### COMPOSER_DISCARD_CHANGES ### COMPOSER_DISCARD_CHANGES
This env var controls the discard-changes [config option](04-schema.md#config). This env var controls the discard-changes [config option](04-schema.md#config).