From 9940271c6ebc2a1b0f98e00def9d6b586468250a Mon Sep 17 00:00:00 2001 From: Klaus Date: Tue, 11 Feb 2020 09:11:45 +0100 Subject: [PATCH] rename signature to checksum --- doc/faqs/how-to-install-composer-programmatically.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/doc/faqs/how-to-install-composer-programmatically.md b/doc/faqs/how-to-install-composer-programmatically.md index ba6536e54..3b378a5ab 100644 --- a/doc/faqs/how-to-install-composer-programmatically.md +++ b/doc/faqs/how-to-install-composer-programmatically.md @@ -1,7 +1,7 @@ # How do I install Composer programmatically? As noted on the download page, the installer script contains a -signature which changes when the installer code changes and as such +checksum which changes when the installer code changes and as such it should not be relied upon in the long term. An alternative is to use this script which only works with UNIX utilities: @@ -9,13 +9,13 @@ An alternative is to use this script which only works with UNIX utilities: ```bash #!/bin/sh -EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" +EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)" php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" -ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" +ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" -if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ] +if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ] then - >&2 echo 'ERROR: Invalid installer signature' + >&2 echo 'ERROR: Invalid installer checksum' rm composer-setup.php exit 1 fi