diff --git a/src/Composer/Command/SelfUpdateCommand.php b/src/Composer/Command/SelfUpdateCommand.php index 925270ade..4ac144ea8 100644 --- a/src/Composer/Command/SelfUpdateCommand.php +++ b/src/Composer/Command/SelfUpdateCommand.php @@ -16,6 +16,7 @@ use Composer\Composer; use Composer\Factory; use Composer\Config; use Composer\Util\Filesystem; +use Composer\Util\Platform; use Composer\SelfUpdate\Keys; use Composer\SelfUpdate\Versions; use Composer\IO\IOInterface; @@ -106,6 +107,11 @@ EOT return $this->fetchKeys($io, $config); } + // ensure composer.phar location is accessible + if (!file_exists($localFilename)) { + throw new FilesystemException('Composer update failed: the "'.$localFilename.'" is not accessible'); + } + // check if current dir is writable and if not try the cache dir from settings $tmpDir = is_writable(dirname($localFilename)) ? dirname($localFilename) : $cacheDir; @@ -248,10 +254,8 @@ TAGSPUBKEY $this->cleanBackups($rollbackDir); } - if ($err = $this->setLocalPhar($localFilename, $tempFilename, $backupFile)) { + if (!$this->setLocalPhar($localFilename, $tempFilename, $backupFile)) { @unlink($tempFilename); - $io->writeError('The file is corrupted ('.$err->getMessage().').'); - $io->writeError('Please re-run the self-update command to try again.'); return 1; } @@ -331,9 +335,7 @@ TAGSPUBKEY $io = $this->getIO(); $io->writeError(sprintf("Rolling back to version %s.", $rollbackVersion)); - if ($err = $this->setLocalPhar($localFilename, $oldFile)) { - $io->writeError('The backup file was corrupted ('.$err->getMessage().').'); - + if (!$this->setLocalPhar($localFilename, $oldFile)) { return 1; } @@ -341,37 +343,49 @@ TAGSPUBKEY } /** - * @param string $localFilename - * @param string $newFilename - * @param string $backupTarget - * @throws \Exception - * @return \UnexpectedValueException|\PharException|null + * Checks if the downloaded/rollback phar is valid then moves it + * + * @param string $localFilename The composer.phar location + * @param string $newFilename The downloaded or backup phar + * @param string $backupTarget The filename to use for the backup + * @throws \FilesystemException If the file cannot be moved + * @return bool Whether the phar is valid and has been moved */ protected function setLocalPhar($localFilename, $newFilename, $backupTarget = null) { + $io = $this->getIO(); + @chmod($newFilename, fileperms($localFilename)); + + // check phar validity + if (!$this->validatePhar($newFilename, $error)) { + $io->writeError('The '.($backupTarget ? 'update' : 'backup').' file is corrupted ('.$error.')'); + + if ($backupTarget) { + $io->writeError('Please re-run the self-update command to try again.'); + } + + return false; + } + + // copy current file into backups dir + if ($backupTarget) { + @copy($localFilename, $backupTarget); + } + try { - @chmod($newFilename, fileperms($localFilename)); - if (!ini_get('phar.readonly')) { - // test the phar validity - $phar = new \Phar($newFilename); - // free the variable to unlock the file - unset($phar); - } - - // copy current file into installations dir - if ($backupTarget && file_exists($localFilename)) { - @copy($localFilename, $backupTarget); - } - rename($newFilename, $localFilename); - return null; + return true; } catch (\Exception $e) { - if (!$e instanceof \UnexpectedValueException && !$e instanceof \PharException) { - throw $e; + // see if we can run this operation as an Admin on Windows + if (!is_writable(dirname($localFilename)) + && $io->isInteractive() + && $this->isWindowsNonAdminUser($isCygwin)) { + return $this->tryAsWindowsAdmin($localFilename, $newFilename, $isCygwin); } - return $e; + $action = 'Composer '.($backupTarget ? 'update' : 'rollback'); + throw new FilesystemException($action.' failed: "'.$localFilename.'" could not be written.'.PHP_EOL.$e->getMessage()); } } @@ -414,4 +428,129 @@ TAGSPUBKEY return $finder; } + + /** + * Validates the downloaded/backup phar file + * + * @param string $pharFile The downloaded or backup phar + * @param null|string $error Set by method on failure + * + * Code taken from getcomposer.org/installer. Any changes should be made + * there and replicated here + * + * @return bool If the operation succeeded + * @throws \Exception + */ + protected function validatePhar($pharFile, &$error) + { + if (ini_get('phar.readonly')) { + return true; + } + + try { + // Test the phar validity + $phar = new \Phar($pharFile); + // Free the variable to unlock the file + unset($phar); + $result = true; + } catch (\Exception $e) { + if (!$e instanceof \UnexpectedValueException && !$e instanceof \PharException) { + throw $e; + } + $error = $e->getMessage(); + $result = false; + } + + return $result; + } + + /** + * Returns true if this is a non-admin Windows user account + * + * @param null|string $isCygwin Set by method + * @return bool + */ + protected function isWindowsNonAdminUser(&$isCygwin) + { + $isCygwin = preg_match('/cygwin/i', php_uname()); + + if (!$isCygwin && !Platform::isWindows()) { + return false; + } + + // fltmc.exe manages filter drivers and errors without admin privileges + $command = sprintf('%sfltmc.exe filters', $isCygwin ? 'cmd.exe /c ' : ''); + exec($command, $output, $exitCode); + + return $exitCode !== 0; + } + + /** + * Invokes a UAC prompt to update composer.phar as an admin + * + * Uses a .vbs script to elevate and run the cmd.exe move command. + * + * @param string $localFilename The composer.phar location + * @param string $newFilename The downloaded or backup phar + * @param bool $isCygwin Whether we are running on Cygwin + * @return bool Whether composer.phar has been updated + */ + protected function tryAsWindowsAdmin($localFilename, $newFilename, $isCygwin) + { + $io = $this->getIO(); + + $io->writeError('Unable to write "'.$localFilename.'". Access is denied.'); + $helpMessage = 'Please run the self-update command as an Administrator.'; + $question = 'Complete this operation with Administrator priviledges [Y,n]? '; + + if (!$io->askConfirmation($question, false)) { + $io->writeError('Operation cancelled. '.$helpMessage.''); + + return false; + } + + $tmpFile = tempnam(sys_get_temp_dir(), ''); + $script = $tmpFile.'.vbs'; + rename($tmpFile, $script); + + $checksum = hash_file('sha256', $newFilename); + + // format the file names for cmd.exe + if ($isCygwin) { + $source = exec(sprintf("cygpath -w '%s'", $newFilename)); + $destination = exec(sprintf("cygpath -w '%s'", $localFilename)); + } else { + // cmd's internal move is fussy about backslashes + $source = str_replace('/', '\\', $newFilename); + $destination = str_replace('/', '\\', $localFilename); + } + + $vbs = <<writeError('Operation succeeded.'); + } else { + $io->writeError('Operation failed (file not written). '.$helpMessage.''); + }; + + return $result; + } }