Commit Graph

498 Commits (4cac2caf7086b75da808a13449d3d10e54a8762f)

Author SHA1 Message Date
Justin Rovang 60e95aed76 Added realpath to VcsDriver constructor
See https://github.com/composer/composer/pull/1828
2013-05-29 17:53:18 -05:00
Jordi Boggiano b38db73611 Clean up rogue git env vars in case this is running in a git hook, refs #1832 2013-05-27 19:54:46 +02:00
Jordi Boggiano 5267bafa2c Retry fetching composer.json files twice since github returns 404s at random at the moment
@bhuga confirmed it is the best approach until github finds a fix. /cc @gillesruppert enjoy whatever your bet wins you
2013-05-16 02:27:13 +02:00
Jordi Boggiano 3f2b9b4d4b Avoid overwriting notification-url 2013-05-16 02:27:11 +02:00
Jordi Boggiano 4b26c627ff Retry file downloads 3 times before giving up in case of basic network failure 2013-05-03 12:29:54 +02:00
Jordi Boggiano a7e88f7a80 Unfold aliases in streamable repos since aliases are already loaded by the pool, refs #1346, fixes #1851 2013-05-02 17:43:45 +02:00
Jordi Boggiano 5264d0637b Fix regression added in 33af9eea95, fixes #1841 2013-04-28 22:50:24 +02:00
Jordi Boggiano 33af9eea95 Always dump packages, even if only an alias is added, fixes #1809 2013-04-28 15:33:01 +02:00
Jordi Boggiano faa419cc0e Merge remote-tracking branch 'hason/alias' 2013-04-28 12:54:59 +02:00
Jordi Boggiano 895058d1ce Merge remote-tracking branch 'spaun/master' 2013-04-27 17:36:05 +02:00
Jordi Boggiano 1b030a76d4 CS and wording fixes, refs #1728 2013-04-27 17:32:35 +02:00
Jordi Boggiano e50173ff93 Merge remote-tracking branch 'nfx/artefact-repo-type' 2013-04-27 17:26:02 +02:00
Andrey Utkin 28c219311c Rename module-path to package-path 2013-04-27 22:20:50 +07:00
Andrey Utkin 9022b0ae38 Default module path to empty string 2013-04-24 09:32:16 +07:00
Andrey Utkin 340e960614 Allow svn repositories to reside deeper than module root 2013-04-23 12:27:52 +07:00
Jordi Boggiano 313b79ee13 Implement search over description/keywords, refs #1801 2013-04-15 19:04:22 +02:00
Jordi Boggiano 3a612dca01 Only return search matches once, fixes #1801 2013-04-15 18:56:47 +02:00
Martin Hasoň 753a8345cb Added support for the alias of an aliased package 2013-04-11 13:20:34 +02:00
Jordi Boggiano d38eb244fa Add PlatformRepository::PLATFORM_PACKAGE_REGEX to remove duplication 2013-04-06 22:26:10 +02:00
Jordi Boggiano 370a9a40fc Add comment to clarify change 2013-04-06 21:38:19 +02:00
Jordi Boggiano 8401c78349 Merge pull request #1770 from sarunas/master
Moving svn driver to the last position as it causes conflicts with hg over http
2013-04-06 12:36:39 -07:00
Jordi Boggiano 2b385cbe58 Fix dependency flags not applying to provides/replaces, fixes #1771 2013-04-04 17:41:01 +02:00
Šarūnas Dubinskas 29b43ca082 Moving svn driver to the last position as it causes conflicts with hg over http 2013-04-04 09:15:36 +03:00
Serge Smertin 6cec5b0399 Added notice about need of zip extension 2013-04-04 00:00:02 +02:00
Serge Smertin 07920c48a6 Removed dev-master as default version for versionless artifact 2013-04-03 23:49:32 +02:00
Serge Smertin b5e1457470 set version to dev-master to artifacts without version 2013-03-31 21:44:48 +02:00
Serge Smertin f25bfe09c5 added support for nested location of composer.json files within artifacts 2013-03-31 21:08:11 +02:00
Serge Smertin 586911f7a1 added verbose logging for artifact directory scan 2013-03-31 21:08:11 +02:00
Serge Smertin 0aad11801e added logging for wrong files 2013-03-31 21:08:10 +02:00
Serge Smertin 4b176f11f2 added artifact repository initial functionality 2013-03-31 21:08:10 +02:00
Jordi Boggiano 41392ace56 Check that a repo has no providers when getPackages is called to catch any mis-use 2013-03-10 13:40:54 +01:00
Jordi Boggiano be861f090a Remove filterPackages and add RepositoryInterface::search, refactor all commands to use new methods and remove all usage of the full package list for Composer repositories that support providers, fixes #1646 2013-03-10 13:40:52 +01:00
Jordi Boggiano 095852933e Remove code duplication, add support for searchUrl 2013-03-10 13:40:50 +01:00
Jordi Boggiano 06026d6b93 Add @deprecated note 2013-03-03 17:59:13 +01:00
Jordi Boggiano 4207fc3b19 Refactor require-dev handling to use one single repository and a one pass solving, fixes #719, fixes #1185, fixes #1330, fixes #789, fixes #640 2013-03-03 00:41:12 +01:00
Jordi Boggiano 259a25344d Use the api to get file contents instead of raw.github.com
raw.github does not like the access_token query param
2013-02-27 14:10:28 +01:00
Jordi Boggiano 573b7a0fb7 Only downgrade providers but not the notification url 2013-02-27 13:32:21 +01:00
Jordi Boggiano f69418427f Add lib-ICU platform package 2013-02-27 13:11:35 +01:00
Jordi Boggiano 15e9c3d101 Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294 2013-02-27 10:54:19 +01:00
Jordi Boggiano d4c9a9004a Add support for the hashed provider includes 2013-02-21 18:51:22 +01:00
Jordi Boggiano 2c4c5dd764 Fail hard only after 3 failed attempts 2013-02-21 18:18:04 +01:00
Jordi Boggiano b750e70f5f Abort execution when a RepositorySecurityException is thrown 2013-02-21 17:41:38 +01:00
Jordi Boggiano 995dc40130 Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 2013-02-21 17:37:18 +01:00
Jordi Boggiano 211b69b38b Adjust exception message 2013-02-21 17:07:53 +01:00
Jordi Boggiano b59489f6ae Merge remote-tracking branch 'edas/exception-on-broken-signature' 2013-02-21 17:04:41 +01:00
Jordi Boggiano 9521d1e7ad Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283 2013-02-21 16:50:04 +01:00
Eric Daspet a8a99cee24 Fix RepositorySecurityException class name 2013-02-15 09:52:31 +01:00
Eric Daspet 59f8be3b92 Throw Exception on broken signature
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files were installed / updated with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repository/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not happen accidentally
```

Even if the broken signature may happen accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed:
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
Jordi Boggiano 17a5bdf162 Normalize github URLs generated by the GitHubDriver, fixes #1551 2013-02-13 12:55:14 +01:00
Jordi Boggiano 432955e0ae Fix github url escaping, raw.github.com doesn't like escaped slashes 2013-02-11 09:34:50 +01:00