Jordi Boggiano
8518cd1be8
Add post-autoload-dump event to docs/schema
2013-02-22 18:44:50 +01:00
Jordi Boggiano
8d55b9cced
Merge remote-tracking branch 'ronnylt/script-event-post-dump-autoload'
...
Conflicts:
tests/Composer/Test/Autoload/AutoloadGeneratorTest.php
2013-02-22 18:42:29 +01:00
Jeff Turcotte
6428aa1aa2
Further simplified Satis Config intro
2013-02-22 09:48:43 -05:00
Jeff Turcotte
f6059890b1
Satis configuration file description
...
Better upfront description of what a Satis configuration file actually is. Was previously not clear the name didn't matter until further down.
2013-02-21 21:05:27 -05:00
Jordi Boggiano
cee34b4faa
Add the include_paths.php autoload file to the phar when it is present
2013-02-21 18:53:39 +01:00
Jordi Boggiano
d4c9a9004a
Add support for the hashed provider includes
2013-02-21 18:51:22 +01:00
Jordi Boggiano
2c4c5dd764
Fail hard only after 3 failed attempts
2013-02-21 18:18:04 +01:00
Jordi Boggiano
c7ed20e9d8
Fix minor issues in json code
2013-02-21 17:58:23 +01:00
Jordi Boggiano
5f48d5277d
Fix tests
2013-02-21 17:45:03 +01:00
Jordi Boggiano
b750e70f5f
Abort execution when a RepositorySecurityException is thrown
2013-02-21 17:41:38 +01:00
Jordi Boggiano
545372172d
Document provider-includes
2013-02-21 17:41:16 +01:00
Jordi Boggiano
995dc40130
Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256
2013-02-21 17:37:18 +01:00
Jordi Boggiano
211b69b38b
Adjust exception message
2013-02-21 17:07:53 +01:00
Jordi Boggiano
b59489f6ae
Merge remote-tracking branch 'edas/exception-on-broken-signature'
2013-02-21 17:04:41 +01:00
Jordi Boggiano
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431 , refs composer/packagist#283
2013-02-21 16:50:04 +01:00
Jordi Boggiano
b4c2347b24
Test fixes
2013-02-20 16:50:26 +01:00
Jordi Boggiano
3ca22f9ef1
Fix class name
2013-02-20 15:27:11 +01:00
Jordi Boggiano
27898c4c31
Suppress errors from mkdir calls that are checked for failure
2013-02-20 14:51:15 +01:00
Jordi Boggiano
0525297ff5
Always move time to the end of the package spec in the lock file, fixes #1498
2013-02-20 13:27:45 +01:00
Jordi Boggiano
b7cd971b06
Merge pull request #1598 from fabpot/package-time-fix
...
fixed time parsing when the composer.lock file has an old time format
2013-02-20 01:01:38 -08:00
Fabien Potencier
ab4e3fbf86
fixed time parsing when the composer.lock file has an old time format
2013-02-19 19:42:59 +01:00
Jordi Boggiano
9dfdc86292
Rephrase package not found troubleshooting entry
2013-02-19 16:18:45 +01:00
Jordi Boggiano
7620541c27
Merge remote-tracking branch 'pscheit/patch-1'
2013-02-19 16:11:58 +01:00
Jordi Boggiano
97fdcd7207
Clarify tilde operator docs
2013-02-19 16:11:49 +01:00
Jordi Boggiano
5a484cb3a9
Make sure target-dir plays well with classmap and files autoload, for root and deps, refs #1550
2013-02-19 15:23:43 +01:00
Jordi Boggiano
ab1256e135
Merge remote-tracking branch 'cmodijk/master'
2013-02-19 14:21:31 +01:00
Jordi Boggiano
518253e150
Show proper repo information and not always the default ones
2013-02-19 11:54:20 +01:00
Jordi Boggiano
8ac4b649c3
Merge remote-tracking branch 'gerryvdm/master'
...
Conflicts:
src/Composer/Command/ShowCommand.php
2013-02-19 11:42:15 +01:00
Jordi Boggiano
b7b1a1eab6
Merge remote-tracking branch 'igorw/patch-5'
2013-02-19 11:33:06 +01:00
Jordi Boggiano
087bc44f44
Update deps
2013-02-18 23:32:56 +01:00
Jordi Boggiano
b4d691e46d
Add test for escape sequences
2013-02-18 22:13:54 +01:00
Igor Wiedler
c1a4e5d43b
Add curl -sS everywhere
2013-02-18 17:56:13 +01:00
Igor Wiedler
ce7a75fe03
Display SSL errors
...
`curl -s` not only hides the progress bar, it also hides errors. `-S` makes the errors show up again.
2013-02-18 17:51:12 +01:00
Jordi Boggiano
e348642aa7
Fix json manipulator handling of escaped backslashes, fixes #1588
2013-02-18 17:27:43 +01:00
Jordi Boggiano
1e15edc43d
Fix repository test
2013-02-18 08:34:23 +01:00
Jordi Boggiano
4615ded35e
Merge pull request #1592 from shama/faq-installers
...
Recommend actual version as constraint with installers.
2013-02-17 23:14:38 -08:00
Kyle Robinson Young
94a708cfc5
Recommend actual version as constraint with installers. Ref composer/installers#58 .
2013-02-17 16:54:29 -08:00
Jordi Boggiano
940c2a079d
Show failures more clearly in test setup
2013-02-16 00:15:18 +01:00
Jordi Boggiano
2e12993c9c
Make selfupdate use ssl when possible
2013-02-15 23:55:20 +01:00
Jordi Boggiano
d4fb7bd251
Substract 1char from the width to avoid blank lines in the output on windows
2013-02-15 14:23:08 +01:00
Jordi Boggiano
211ca0c826
Merge remote-tracking branch 'KingCrunch/pretty-show'
2013-02-15 14:19:35 +01:00
Jordi Boggiano
c55c9e4e8d
Use strtr instead of str_replace
2013-02-15 12:54:33 +01:00
Jordi Boggiano
79163023fc
Merge remote-tracking branch 'johnstevenson/backslash-fix'
2013-02-15 12:53:50 +01:00
Sebastian Krebs
b5c7d97e8c
Pretty "show"-command
2013-02-15 12:17:39 +01:00
Eric Daspet
a8a99cee24
Fix RepositorySecurityException class name
2013-02-15 09:52:31 +01:00
johnstevenson
a2525c8fbe
Replace backslashes in Window directories for config --list
2013-02-14 23:12:24 +00:00
Jordi Boggiano
625e174f76
Update deps & changelog format
2013-02-14 17:14:46 +01:00
Eric Daspet
59f8be3b92
Throw Exception on broken signature
...
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````
Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
Cliff Odijk
5127fe8359
added type check to autoloader fixes #1504
2013-02-14 00:10:18 +01:00
Jordi Boggiano
2b36f61596
Use full hash in version information of dev phars, fixes #1502
2013-02-13 14:32:50 +01:00