340e960614
Allow svn repositories to reside deeper than module root
2013-04-23 12:27:52 +07:00
313b79ee13
Implement search over description/keywords, refs #1801
2013-04-15 19:04:22 +02:00
3a612dca01
Only return search matches once, fixes #1801
2013-04-15 18:56:47 +02:00
753a8345cb
Added support for the alias of an aliased package
2013-04-11 13:20:34 +02:00
d38eb244fa
Add PlatformRepository::PLATFORM_PACKAGE_REGEX to remove duplication
2013-04-06 22:26:10 +02:00
370a9a40fc
Add comment to clarify change
2013-04-06 21:38:19 +02:00
8401c78349
Merge pull request #1770 from sarunas/master
...
Moving svn driver to the last position as it causes conflicts with hg over http
2013-04-06 12:36:39 -07:00
2b385cbe58
Fix dependency flags not applying to provides/replaces, fixes #1771
2013-04-04 17:41:01 +02:00
29b43ca082
Moving svn driver to the last position as it causes conflicts with hg over http
2013-04-04 09:15:36 +03:00
6cec5b0399
Added notice about need of zip extension
2013-04-04 00:00:02 +02:00
07920c48a6
Removed dev-master as default version for versionless artifact
2013-04-03 23:49:32 +02:00
b5e1457470
set version to dev-master to artifacts without version
2013-03-31 21:44:48 +02:00
f25bfe09c5
added support for nested location of composer.json files within artifacts
2013-03-31 21:08:11 +02:00
586911f7a1
added verbose logging for artifact directory scan
2013-03-31 21:08:11 +02:00
0aad11801e
added logging for wrong files
2013-03-31 21:08:10 +02:00
4b176f11f2
added artifact repository initial functionality
2013-03-31 21:08:10 +02:00
41392ace56
Check that a repo has no providers when getPackages is called to catch any mis-use
2013-03-10 13:40:54 +01:00
be861f090a
Remove filterPackages and add RepositoryInterface::search, refactor all commands to use new methods and remove all usage of the full package list for Composer repositories that support providers, fixes #1646
2013-03-10 13:40:52 +01:00
095852933e
Remove code duplication, add support for searchUrl
2013-03-10 13:40:50 +01:00
06026d6b93
Add @deprecated note
2013-03-03 17:59:13 +01:00
4207fc3b19
Refactor require-dev handling to use one single repository and a one pass solving, fixes #719 , fixes #1185 , fixes #1330 , fixes #789 , fixes #640
2013-03-03 00:41:12 +01:00
259a25344d
Use the api to get file contents instead of raw.github.com
...
raw.github does not like the access_token query param
2013-02-27 14:10:28 +01:00
573b7a0fb7
Only downgrade providers but not the notification url
2013-02-27 13:32:21 +01:00
f69418427f
Add lib-ICU platform package
2013-02-27 13:11:35 +01:00
15e9c3d101
Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294
2013-02-27 10:54:19 +01:00
d4c9a9004a
Add support for the hashed provider includes
2013-02-21 18:51:22 +01:00
2c4c5dd764
Fail hard only after 3 failed attempts
2013-02-21 18:18:04 +01:00
b750e70f5f
Abort execution when a RepositorySecurityException is thrown
2013-02-21 17:41:38 +01:00
995dc40130
Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256
2013-02-21 17:37:18 +01:00
211b69b38b
Adjust exception message
2013-02-21 17:07:53 +01:00
b59489f6ae
Merge remote-tracking branch 'edas/exception-on-broken-signature'
2013-02-21 17:04:41 +01:00
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431 , refs composer/packagist#283
2013-02-21 16:50:04 +01:00
a8a99cee24
Fix RepositorySecurityException class name
2013-02-15 09:52:31 +01:00
59f8be3b92
Throw Exception on broken signature
...
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````
Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
17a5bdf162
Normalize github URLs generated by the GitHubDriver, fixes #1551
2013-02-13 12:55:14 +01:00
432955e0ae
Fix github url escaping, raw.github.com doesnt like escaped slashes
2013-02-11 09:34:50 +01:00
8904888a74
Add php-64bit package if the php version has 64bit ints, fixes #1506 , fixes #1511
2013-01-23 15:55:48 +01:00
514a3cde77
CS fixes
2013-01-05 20:01:58 +01:00
5b24a48827
Allow disabling svn branches/tags, fixes composer/satis#43
2012-12-08 17:41:46 +01:00
04c6670f0c
Detect invalid ssh URLs, fixes #1124
2012-12-05 23:23:01 +01:00
224934831d
Change all github archive URLs to API URLs and handle fallback for those to nodeload
2012-12-05 19:20:52 +01:00
120f52c632
Generate private zipball urls for private repositories
2012-12-05 18:55:13 +01:00
cebd43e735
fixed detection of inactive branches in hg
2012-12-03 01:21:56 +01:00
a8f74a0983
Allow notification from locked installs, fixes #1368 , fixes #1372 , fixes #1369
2012-11-29 09:24:28 +01:00
e868c9706b
Add support for batch notifications
2012-11-28 18:44:49 +01:00
9713bf8bec
Fix for PearRepository scheme handling, broke ChannelReaderTest.
2012-11-23 18:36:22 +01:00
0be2fd12e4
Fix for PEAR package downloading in PearRepository: now using https as
...
scheme if the PEAR channel uses https. The old behavior broke installing
PEAR packages from https-only PEAR channels.
2012-11-23 18:08:32 +01:00
15475f0ef2
Rename cache dirs to consolidate them by purpose
2012-11-23 00:15:14 +01:00
326fcbcab7
Enforce UTC on all datetime instances, set lock release date to datetime always, refs #923
2012-11-20 14:36:42 +01:00
172414a1f0
Add support for ~/+ in addition to - as separator between PHP version and build details, fixes #1322
2012-11-14 10:55:51 +01:00
4f5d08e2ad
Add InvalidRepositoryException
2012-11-08 15:05:00 +01:00
4959c2bdc6
Replace references of a11n with a12n where appropriate
...
Authorization => Authentication.
2012-11-07 13:34:31 +01:00
cbd91b5952
Fix FILTER_VALIDATE_URL not supporting IDNs
2012-11-05 15:39:43 +01:00
0c61e9d345
Add warning/errors flags to VCS repo output
2012-11-05 12:38:11 +01:00
dae7f3cee7
Add a way to know if any branch failed loading
2012-11-05 12:28:53 +01:00
61bd34df55
Make sure error output is clearly visible
2012-11-05 12:24:50 +01:00
967c771b26
Add warnings to ValidatingArrayLoader that are simply stripped by default, add reporting of warnings when loading branches
2012-11-05 12:08:02 +01:00
1682532b80
Update code to use new github archive URLs
2012-11-04 14:01:22 +01:00
bb701da8c2
Do not overwrite output in verbose mode
2012-11-02 18:12:40 +01:00
45c1c3f881
Fixed package name for stability test in ComposerRepository
2012-10-30 22:20:49 +01:00
b10c832be0
fixed a typo
2012-10-28 09:57:42 +01:00
2b06503027
SvnDriver fixes
2012-10-26 01:53:34 +02:00
83fd3967f0
Fixed PHPDoc
2012-10-24 23:44:40 +00:00
5eead93250
Fixed typos
2012-10-24 23:14:04 +00:00
125ff3e4f5
Fix root aliasing with new providers repo format
2012-10-24 16:11:32 +02:00
ad9f887edd
Clarify error message to sound less scary until we can guarantee it
2012-10-23 10:53:17 +02:00
9ed481ef02
Fix handling of legacy Composer repositories
2012-10-22 21:40:32 +01:00
e887f6cea9
Fix CS
2012-10-22 20:25:11 +02:00
89d4df990a
Use JsonFile to decode cached entries
2012-10-22 17:56:30 +02:00
bebd1ce9c7
Always check for OAuth token in git config, fixes #1243
2012-10-22 17:11:34 +02:00
1760b1e093
Prevent CompositeRepository instances from being nested
2012-10-22 14:29:34 +02:00
fef3dacdfb
Reset ids of aliased packages as well
2012-10-22 14:28:55 +02:00
39e69a3b12
Refactor OAuth acquisition code to generalize it
2012-10-21 17:56:57 +02:00
bf5f34a114
Merge remote-tracking branch '1stvamp/github-tokens-from-git-config'
2012-10-21 17:12:14 +02:00
338127ff9c
Disable failure on hash mismatch until it can be proven to work reliably
2012-10-21 16:10:47 +02:00
3116c979d3
Fix undefined var, fixes #1235
2012-10-21 16:03:05 +02:00
573e4b2a7c
Merge branch 'newrepo'
2012-10-21 14:18:00 +02:00
5fb0403276
Use process executor instead of exec to run git config
2012-10-21 10:05:56 +01:00
1442c1e026
Damnable tabs!
2012-10-21 10:02:33 +01:00
2cb07dd2fe
Allow use of Github OAuth2 token stored in git config
2012-10-21 01:06:56 +01:00
0a3097c569
Merge remote-tracking branch 'bboer/feature/svn-alternative-structures'
...
Conflicts:
src/Composer/Repository/Vcs/GitHubDriver.php
2012-10-19 12:19:19 +02:00
5051e7a0a2
Only try to authorize when fetching the repo info, not subsequent calls, refs #423
2012-10-19 10:24:00 +02:00
32282e7461
Add hostname to the OAuth app name
2012-10-18 17:08:34 +02:00
a9811c4e40
Store and reload the github token to/from the config
2012-10-18 16:48:44 +02:00
3b01d26d67
Swap user credentials for an OAuth token from GitHub
2012-10-18 16:48:42 +02:00
1bd5d88b02
quick workaround for Github API limit
2012-10-18 16:48:41 +02:00
5978197b5d
Reset package IDs before they can be used in the pool in case there are already some in the cache
2012-10-18 12:57:55 +02:00
ee0cd07468
CS fixes
2012-10-18 10:35:06 +02:00
541bcabbc0
Actually check the hash after downloading
2012-10-15 14:37:27 +02:00
07f72e9fb6
Add support for provider listings
2012-10-14 16:33:53 +02:00
a3f9accd37
Fix various dumb issues
2012-10-13 18:54:48 +02:00
aafc1f7857
Make sure alias package have a repo instance set
2012-10-13 17:19:06 +02:00
41c7432fef
Do not fetch from repo for packages that obviously can not be there
2012-10-13 17:18:47 +02:00
c0e5736ae7
Add support for one-file-per-provider composer repositories
2012-10-12 18:24:26 +02:00
fde3477563
Report issues in HgDriver as well
2012-10-12 11:23:30 +02:00
08670e7666
Report errors properly when git driver fails to write in the cache, refs #482
2012-10-12 11:16:47 +02:00
116b822953
Fix loop and add missing options
2012-10-11 21:35:51 +02:00
1d80720405
Add retries and failover of all jsons to cache even if the main one worked
2012-10-11 21:26:11 +02:00
fb296972ef
Enable https for packagist when possible
2012-10-11 20:57:31 +02:00
b3077bc4bc
Merge pull request #1177 from sandermarechal/stream-context
...
Allow setting stream context options
2012-10-04 09:18:08 -07:00
Andrey Utkin