public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code

rename signature to checksum

pull/8593/head
Klaus 2020-02-11 09:11:45 +01:00 committed by GitHub
parent 5843a282bc
commit 9940271c6e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/faqs/how-to-install-composer-programmatically.md
View File

@ -1,7 +1,7 @@
# How do I install Composer programmatically? # How do I install Composer programmatically?
As noted on the download page, the installer script contains a As noted on the download page, the installer script contains a
signature which changes when the installer code changes and as such checksum which changes when the installer code changes and as such
it should not be relied upon in the long term. it should not be relied upon in the long term.
An alternative is to use this script which only works with UNIX utilities: An alternative is to use this script which only works with UNIX utilities:
@ -9,13 +9,13 @@ An alternative is to use this script which only works with UNIX utilities:
```bash ```bash
#!/bin/sh #!/bin/sh
EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)" EXPECTED_CHECKSUM="$(wget -q -O - https://composer.github.io/installer.sig)"
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" ACTUAL_CHECKSUM="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ] if [ "$EXPECTED_CHECKSUM" != "$ACTUAL_CHECKSUM" ]
then then
>&2 echo 'ERROR: Invalid installer signature' >&2 echo 'ERROR: Invalid installer checksum'
rm composer-setup.php rm composer-setup.php
exit 1 exit 1
fi fi