Jordi Boggiano
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283
2013-02-21 16:50:04 +01:00
Eric Daspet
59f8be3b92
Throw Exception on broken signature
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
> match its signature, this is most likely due to a temporary glitch but
> could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files were installed / updated with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check that they have not.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repository/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not happen accidentally
```
Even if the broken signature may happen accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask the user for confirmation. If it helps to continue
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed:
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
Jordi Boggiano
a8f74a0983
Allow notification from locked installs, fixes #1368, fixes #1372, fixes #1369
2012-11-29 09:24:28 +01:00
Jordi Boggiano
e868c9706b
Add support for batch notifications
2012-11-28 18:44:49 +01:00
Jordi Boggiano
15475f0ef2
Rename cache dirs to consolidate them by purpose
2012-11-23 00:15:14 +01:00
Jordi Boggiano
cbd91b5952
Fix FILTER_VALIDATE_URL not supporting IDNs
2012-11-05 15:39:43 +01:00
Martin Hasoň
45c1c3f881
Fixed package name for stability test in ComposerRepository
2012-10-30 22:20:49 +01:00
Bilal Amarni
b10c832be0
fixed a typo
2012-10-28 09:57:42 +01:00
Jordi Boggiano
125ff3e4f5
Fix root aliasing with new providers repo format
2012-10-24 16:11:32 +02:00
Jordi Boggiano
ad9f887edd
Clarify error message to sound less scary until we can guarantee it
2012-10-23 10:53:17 +02:00
Chris Smith
9ed481ef02
Fix handling of legacy Composer repositories
2012-10-22 21:40:32 +01:00
Jordi Boggiano
e887f6cea9
Fix CS
2012-10-22 20:25:11 +02:00
Jordi Boggiano
89d4df990a
Use JsonFile to decode cached entries
2012-10-22 17:56:30 +02:00
Jordi Boggiano
fef3dacdfb
Reset ids of aliased packages as well
2012-10-22 14:28:55 +02:00
Jordi Boggiano
338127ff9c
Disable failure on hash mismatch until it can be proven to work reliably
2012-10-21 16:10:47 +02:00
Jordi Boggiano
5978197b5d
Reset package IDs before they can be used in the pool in case there are already some in the cache
2012-10-18 12:57:55 +02:00
Jordi Boggiano
541bcabbc0
Actually check the hash after downloading
2012-10-15 14:37:27 +02:00
Jordi Boggiano
07f72e9fb6
Add support for provider listings
2012-10-14 16:33:53 +02:00
Jordi Boggiano
a3f9accd37
Fix various dumb issues
2012-10-13 18:54:48 +02:00
Jordi Boggiano
aafc1f7857
Make sure alias package have a repo instance set
2012-10-13 17:19:06 +02:00
Jordi Boggiano
41c7432fef
Do not fetch from repo for packages that obviously can not be there
2012-10-13 17:18:47 +02:00
Jordi Boggiano
c0e5736ae7
Add support for one-file-per-provider composer repositories
2012-10-12 18:24:26 +02:00
Jordi Boggiano
116b822953
Fix loop and add missing options
2012-10-11 21:35:51 +02:00
Jordi Boggiano
1d80720405
Add retries and failover of all jsons to cache even if the main one worked
2012-10-11 21:26:11 +02:00
Jordi Boggiano
fb296972ef
Enable https for packagist when possible
2012-10-11 20:57:31 +02:00
Sander Marechal
6cf860669f
Add repository stream context options
Add support for passing stream context options to the
StreamContextFactory. This allows support for SSH keyfiles, SSL
certificates and much more. Example:
    {
        "repositories": [
            {
                "type": "composer",
                "url": "ssh2.sftp://host:22/path/to/packages.json",
                "options": {
                    "ssh2": {
                        "username": "composer",
                        "pubkey_file": "/path/to/composer.key.pub",
                        "privkey_file": "/path/to/composer.key"
                    }
                }
            }
        ]
    }
2012-10-03 14:49:41 +02:00
Sander Marechal
4799053ca9
Allow dot in URL scheme
This makes it possible to support SSH2 urls, like ssh2.scp://
See: http://www.php.net/manual/en/wrappers.ssh2.php
2012-10-03 10:50:02 +02:00
Jordi Boggiano
c14826dd1e
Fix exception handling when loading repos
2012-09-08 13:49:37 +02:00
Jordi Boggiano
fe4516aff8
Clarify exception messages when a package can not be loaded from a composer repository, fixes #1070
2012-09-08 02:00:02 +02:00
Povilas Balzaravicius Pawka
57d1b5a37d
Issue #1056. Fixed callback call error on search command.
2012-09-06 09:15:29 +03:00
Jordi Boggiano
803178d28f
CS fixes for #1038
2012-08-29 15:24:05 +02:00
Christoph Hochstrasser
560d6daccf
Using separate variable for URL parts
2012-08-29 15:12:08 +02:00
Christoph Hochstrasser
841efc98a6
Appending 'packages.json' only if not present in URL
2012-08-29 15:08:04 +02:00
Jordi Boggiano
c14bc368b0
Fix memory usage of the update command
2012-08-24 02:29:37 +02:00
Jordi Boggiano
e3b6bd781c
Add RepositoryInterface::filterPackages to stream ops on lists
This cuts down on memory usage and also speeds up the search command to a third of its previous time
2012-08-24 02:29:33 +02:00
Jordi Boggiano
d6de4a0036
Rename Package interfaces to reduce BC issues
2012-08-24 02:29:31 +02:00
Jordi Boggiano
e46d26cb9b
Add loadAliasPackage to the StreamableRepositoryInterface and clear up responsibilities between Pool and Repositories
2012-08-24 02:29:29 +02:00
Jordi Boggiano
26e8217db7
Remove duplication of branch alias parsing code
2012-08-24 02:29:26 +02:00
Jordi Boggiano
2d4076e9b2
Add support for aliases in streamed repos
2012-08-24 02:29:24 +02:00
Jordi Boggiano
c8a685be6b
Reduce memory usage by only loading packages that are actually needed, fixes #456
2012-08-24 02:29:23 +02:00
Jordi Boggiano
a54bf6269e
Improve error messages when network failures occur
2012-08-17 16:51:58 +02:00
Jordi Boggiano
2d41774bcc
Add warning when loading an https repo if openssl is disabled, refs #930
2012-07-20 10:27:18 +02:00
Jordi Boggiano
d80180c2b9
Allow notifyUrl to be a complete URL
2012-07-18 14:57:17 +02:00
Jordi Boggiano
a06ebdd8ef
Add caching to svn metadata
2012-06-18 15:38:47 +02:00
Jordi Boggiano
1bd4ccbd54
php-cs-fixer magic
2012-05-22 12:07:08 +02:00
Jordi Boggiano
8ff497ac6f
Skip filter_var on 5.3.2 since it is buggy
2012-04-27 14:04:39 +02:00
Jordi Boggiano
70ad8274cd
Work around poorly configured php
2012-04-26 15:47:22 +02:00
Jordi Boggiano
b094ef7155
Add repository notification API support
2012-04-13 02:59:23 +02:00
Jordi Boggiano
fc29487a2a
Add home config key and use it to create the cache instance
2012-04-09 16:36:06 +02:00
Jordi Boggiano
0d97ec4783
Add cache to the composer repositories
2012-04-06 22:39:43 +02:00
Jordi Boggiano
a476d1f97d
Add support for the new composer repository format
2012-04-06 20:40:31 +02:00
Jordi Boggiano
a67f62990c
Prepare for upcoming format break
2012-04-06 19:56:34 +02:00
Jordi Boggiano
7f65dd7409
Use RemoteFilesystem everywhere we do http requests
2012-03-18 21:26:04 +01:00
Jordi Boggiano
774e9d0da6
Remove dependency on filter_var
2012-03-05 15:13:07 +01:00
Jordi Boggiano
f6b9488bf0
Move root package handling to a dedicated loader and make ArrayLoader more strict
2011-12-13 01:05:29 +01:00
Matthias Pigulla
ebbc807de0
Fix whitespaces and add strict return code checking
2011-12-12 10:57:57 +01:00
Matthias Pigulla
4e1cb32f8c
Allow for file://-URLs here as well
2011-12-09 23:37:52 +01:00
Jordi Boggiano
2e8762744f
Fix ComposerRepository ctor
2011-12-03 12:43:38 +01:00
Fabien Potencier
527c711149
Move loader creation to avoid creating it more than once, unified the way packages are loading across repository classes
2011-10-29 07:43:26 +02:00
Jordi Boggiano
9b24734c9d
Add parsing and on-the-fly loading of repositories defined in packages
2011-10-23 19:40:34 +02:00
everzet
1cca62dc97
move json parsing instructions into single class object
2011-10-01 16:01:33 +03:00
everzet
9deb10361f
second batch of refactoring
2011-09-21 00:43:53 +03:00
everzet
5f4d46f7ae
repository factoring refactoring
2011-09-21 00:39:15 +03:00
Jordi Boggiano
ba9f12a517
Add extra and type info to packages
2011-08-21 13:33:37 +02:00
Jordi Boggiano
49c3446ac1
Make use of new dist properties, refactored ZipDownloader
2011-07-06 21:06:52 +02:00
Jordi Boggiano
d185194d1a
Create links/constraints between packages
2011-04-23 20:52:37 +02:00
Jordi Boggiano
b53a3086b6
Minor refactorings and changes
2011-04-21 21:13:14 +02:00
Nils Adermann
f0af6b7d57
It's called a repository, not a registry
2011-04-18 22:48:51 +02:00
Jordi Boggiano
e03983697a
Add base installer/downloader and ComposerRepository
2011-04-18 00:15:05 +02:00