public-mirrors
/
composer
mirror of https://github.com/composer/composer
1
0
Fork 0
Code
4,703 Commits
3 Branches
212 Tags
55 MiB
Commit Graph

107 Commits (ad9c3d3b30c7c3d0630a3827702e2b52b9a12352)

Author SHA1 Message Date
Jordi Boggiano 3ff8bcffea Allow loading of real composer repos by local path, fixes #1899 2014-12-08 22:04:10 +00:00
Nils Adermann 89bd9be295 This entirely removes StreamableRepositories and minimal package arrays 2014-11-20 17:23:51 +01:00
Nils Adermann 9751e1ab58 Remove unnecessary collection of names which isn't used 2014-11-20 12:54:56 +01:00
aaukt f8fae61b05 Add fallback for findPackage(s) for repo without provider 
This was introcuced in a4d43ee860, but is missing the fallback for a repository without providers.
 2014-10-17 09:10:47 +02:00
Jordi Boggiano ac497feaba CS fixes 2014-06-10 16:13:12 +02:00
Jordi Boggiano d036b2390e Load root aliases for providers by package name and not by provider name, fixes #3043 2014-06-09 19:36:06 +02:00
Jordi Boggiano 58d01b2c6e Merge pull request #2988 from tristanlins/feature/composer-repository-find-packages 
ComposerRepository::findPackage[s]
 2014-06-05 10:55:27 +02:00
Jordi Boggiano 0c343f925a Clarify code 2014-05-14 11:25:20 +02:00
Tristan Lins a4d43ee860 Implement ComposerRepository::findPackage and ComposerRepository::findPackages. 2014-05-13 23:54:48 +02:00
Jordi Boggiano 2a7a954f62 Handle multiple urls in package transport options 2014-05-07 19:34:46 +02:00
Jordi Boggiano b6981d09e8 Fix handling of origin url in composer repository class 2014-05-07 19:34:43 +02:00
Jordi Boggiano 31b787249c More fixes to mirror support 2014-05-07 19:34:40 +02:00
Jordi Boggiano 44e45ed2d5 Add support for lazy providers/proxies 2014-05-07 19:34:36 +02:00
Jordi Boggiano 77163f66fc Add support for mirrors in composer repos 2014-05-07 19:34:35 +02:00
Jordi Boggiano faeb706de6 Handle alias packages properly, refs #2189 2014-05-07 19:10:55 +02:00
Jordi Boggiano 32cd883daa Rename options to transport-options, refs #2189 2014-05-07 18:25:28 +02:00
Jordi Boggiano 016a016455 Merge remote-tracking branch 'lcobucci/master' 
Conflicts:
	src/Composer/Downloader/FileDownloader.php
 2014-05-07 18:02:46 +02:00
Jordi Boggiano b437c1cc05 Support github auth directly in the RemoteFilesystem class 2014-04-11 14:29:17 +02:00
Luís Otávio Cobucci Oblonczyk 0f2c0ab389 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	src/Composer/Downloader/FileDownloader.php
 2013-12-29 00:37:08 +00:00
Jérémy JOURDIN fbadc19bf6 Add preFileDownload event on package.json fetch 2013-11-19 17:45:28 +01:00
Carsten Brandt f538acc4b0 added support for file:// url to repository 
file:// is valid url even if it does not define a host.

allows to define a repo like this (local directory generated with
composer/satis):

```json
{
	"repositories": [ { "type": "composer", "url": "file:///home/cebe/dev/jescali/xeno-core/core/repo" } ],
	"require": {
        ...
	}
}
```
 2013-10-30 17:46:35 +01:00
Luís Otávio Cobucci Oblonczyk 0b77a59af6 Repository options must be replicated on package when dist file is under 
repository base dir
 2013-08-19 04:40:54 -03:00
Jordi Boggiano 3f2b9b4d4b Avoid overwriting notification-url 2013-05-16 02:27:11 +02:00
Jordi Boggiano 4b26c627ff Retry file downloads 3 times before giving up in case of basic network failure 2013-05-03 12:29:54 +02:00
Jordi Boggiano a7e88f7a80 Unfold aliases in streamable repos since aliases are already loaded by the pool, refs #1346, fixes #1851 2013-05-02 17:43:45 +02:00
Martin Hasoň 753a8345cb Added support for the alias of an aliased package 2013-04-11 13:20:34 +02:00
Jordi Boggiano d38eb244fa Add PlatformRepository::PLATFORM_PACKAGE_REGEX to remove duplication 2013-04-06 22:26:10 +02:00
Jordi Boggiano 2b385cbe58 Fix dependency flags not applying to provides/replaces, fixes #1771 2013-04-04 17:41:01 +02:00
Jordi Boggiano 41392ace56 Check that a repo has no providers when getPackages is called to catch any mis-use 2013-03-10 13:40:54 +01:00
Jordi Boggiano be861f090a Remove filterPackages and add RepositoryInterface::search, refactor all commands to use new methods and remove all usage of the full package list for Composer repositories that support providers, fixes #1646 2013-03-10 13:40:52 +01:00
Jordi Boggiano 095852933e Remove code duplication, add support for searchUrl 2013-03-10 13:40:50 +01:00
Jordi Boggiano 573b7a0fb7 Only downgrade providers but not the notification url 2013-02-27 13:32:21 +01:00
Jordi Boggiano d4c9a9004a Add support for the hashed provider includes 2013-02-21 18:51:22 +01:00
Jordi Boggiano 2c4c5dd764 Fail hard only after 3 failed attempts 2013-02-21 18:18:04 +01:00
Jordi Boggiano b750e70f5f Abort execution when a RepositorySecurityException is thrown 2013-02-21 17:41:38 +01:00
Jordi Boggiano 995dc40130 Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 2013-02-21 17:37:18 +01:00
Jordi Boggiano 211b69b38b Adjust exception message 2013-02-21 17:07:53 +01:00
Jordi Boggiano b59489f6ae Merge remote-tracking branch 'edas/exception-on-broken-signature' 2013-02-21 17:04:41 +01:00
Jordi Boggiano 9521d1e7ad Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283 2013-02-21 16:50:04 +01:00
Eric Daspet 59f8be3b92 Throw Exception on broken signature 
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````

Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
 2013-02-14 15:53:40 +01:00
Jordi Boggiano a8f74a0983 Allow notification from locked installs, fixes #1368, fixes #1372, fixes #1369 2012-11-29 09:24:28 +01:00
Jordi Boggiano e868c9706b Add support for batch notifications 2012-11-28 18:44:49 +01:00
Jordi Boggiano 15475f0ef2 Rename cache dirs to consolidate them by purpose 2012-11-23 00:15:14 +01:00
Jordi Boggiano cbd91b5952 Fix FILTER_VALIDATE_URL not supporting IDNs 2012-11-05 15:39:43 +01:00
Martin Hasoň 45c1c3f881 Fixed package name for stability test in ComposerRepository 2012-10-30 22:20:49 +01:00
Bilal Amarni b10c832be0 fixed a typo 2012-10-28 09:57:42 +01:00
Jordi Boggiano 125ff3e4f5 Fix root aliasing with new providers repo format 2012-10-24 16:11:32 +02:00
Jordi Boggiano ad9f887edd Clarify error message to sound less scary until we can guarantee it 2012-10-23 10:53:17 +02:00
Chris Smith 9ed481ef02 Fix handling of legacy Composer repositories 2012-10-22 21:40:32 +01:00
Jordi Boggiano e887f6cea9 Fix CS 2012-10-22 20:25:11 +02:00