d4c9a9004a
Add support for the hashed provider includes
2013-02-21 18:51:22 +01:00
2c4c5dd764
Fail hard only after 3 failed attempts
2013-02-21 18:18:04 +01:00
b750e70f5f
Abort execution when a RepositorySecurityException is thrown
2013-02-21 17:41:38 +01:00
995dc40130
Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256
2013-02-21 17:37:18 +01:00
211b69b38b
Adjust exception message
2013-02-21 17:07:53 +01:00
b59489f6ae
Merge remote-tracking branch 'edas/exception-on-broken-signature'
2013-02-21 17:04:41 +01:00
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431 , refs composer/packagist#283
2013-02-21 16:50:04 +01:00
a8a99cee24
Fix RepositorySecurityException class name
2013-02-15 09:52:31 +01:00
59f8be3b92
Throw Exception on broken signature
...
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````
Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
2013-02-14 15:53:40 +01:00
17a5bdf162
Normalize github URLs generated by the GitHubDriver, fixes #1551
2013-02-13 12:55:14 +01:00
432955e0ae
Fix github url escaping, raw.github.com doesnt like escaped slashes
2013-02-11 09:34:50 +01:00
8904888a74
Add php-64bit package if the php version has 64bit ints, fixes #1506 , fixes #1511
2013-01-23 15:55:48 +01:00
514a3cde77
CS fixes
2013-01-05 20:01:58 +01:00
5b24a48827
Allow disabling svn branches/tags, fixes composer/satis#43
2012-12-08 17:41:46 +01:00
04c6670f0c
Detect invalid ssh URLs, fixes #1124
2012-12-05 23:23:01 +01:00
224934831d
Change all github archive URLs to API URLs and handle fallback for those to nodeload
2012-12-05 19:20:52 +01:00
120f52c632
Generate private zipball urls for private repositories
2012-12-05 18:55:13 +01:00
cebd43e735
fixed detection of inactive branches in hg
2012-12-03 01:21:56 +01:00
a8f74a0983
Allow notification from locked installs, fixes #1368 , fixes #1372 , fixes #1369
2012-11-29 09:24:28 +01:00
e868c9706b
Add support for batch notifications
2012-11-28 18:44:49 +01:00
9713bf8bec
Fix for PearRepository scheme handling, broke ChannelReaderTest.
2012-11-23 18:36:22 +01:00
0be2fd12e4
Fix for PEAR package downloading in PearRepository: now using https as
...
scheme if the PEAR channel uses https. The old behavior broke installing
PEAR packages from https-only PEAR channels.
2012-11-23 18:08:32 +01:00
15475f0ef2
Rename cache dirs to consolidate them by purpose
2012-11-23 00:15:14 +01:00
326fcbcab7
Enforce UTC on all datetime instances, set lock release date to datetime always, refs #923
2012-11-20 14:36:42 +01:00
172414a1f0
Add support for ~/+ in addition to - as separator between PHP version and build details, fixes #1322
2012-11-14 10:55:51 +01:00
4f5d08e2ad
Add InvalidRepositoryException
2012-11-08 15:05:00 +01:00
4959c2bdc6
Replace references of a11n with a12n where appropriate
...
Authorization => Authentication.
2012-11-07 13:34:31 +01:00
cbd91b5952
Fix FILTER_VALIDATE_URL not supporting IDNs
2012-11-05 15:39:43 +01:00
0c61e9d345
Add warning/errors flags to VCS repo output
2012-11-05 12:38:11 +01:00
dae7f3cee7
Add a way to know if any branch failed loading
2012-11-05 12:28:53 +01:00
61bd34df55
Make sure error output is clearly visible
2012-11-05 12:24:50 +01:00
967c771b26
Add warnings to ValidatingArrayLoader that are simply stripped by default, add reporting of warnings when loading branches
2012-11-05 12:08:02 +01:00
1682532b80
Update code to use new github archive URLs
2012-11-04 14:01:22 +01:00
bb701da8c2
Do not overwrite output in verbose mode
2012-11-02 18:12:40 +01:00
45c1c3f881
Fixed package name for stability test in ComposerRepository
2012-10-30 22:20:49 +01:00
b10c832be0
fixed a typo
2012-10-28 09:57:42 +01:00
2b06503027
SvnDriver fixes
2012-10-26 01:53:34 +02:00
83fd3967f0
Fixed PHPDoc
2012-10-24 23:44:40 +00:00
5eead93250
Fixed typos
2012-10-24 23:14:04 +00:00
125ff3e4f5
Fix root aliasing with new providers repo format
2012-10-24 16:11:32 +02:00
ad9f887edd
Clarify error message to sound less scary until we can guarantee it
2012-10-23 10:53:17 +02:00
9ed481ef02
Fix handling of legacy Composer repositories
2012-10-22 21:40:32 +01:00
e887f6cea9
Fix CS
2012-10-22 20:25:11 +02:00
89d4df990a
Use JsonFile to decode cached entries
2012-10-22 17:56:30 +02:00
bebd1ce9c7
Always check for OAuth token in git config, fixes #1243
2012-10-22 17:11:34 +02:00
1760b1e093
Prevent CompositeRepository instances from being nested
2012-10-22 14:29:34 +02:00
fef3dacdfb
Reset ids of aliased packages as well
2012-10-22 14:28:55 +02:00
39e69a3b12
Refactor OAuth acquisition code to generalize it
2012-10-21 17:56:57 +02:00
bf5f34a114
Merge remote-tracking branch '1stvamp/github-tokens-from-git-config'
2012-10-21 17:12:14 +02:00
338127ff9c
Disable failure on hash mismatch until it can be proven to work reliably
2012-10-21 16:10:47 +02:00
3116c979d3
Fix undefined var, fixes #1235
2012-10-21 16:03:05 +02:00
573e4b2a7c
Merge branch 'newrepo'
2012-10-21 14:18:00 +02:00
5fb0403276
Use process executor instead of exec to run git config
2012-10-21 10:05:56 +01:00
1442c1e026
Damnable tabs!
2012-10-21 10:02:33 +01:00
2cb07dd2fe
Allow use of Github OAuth2 token stored in git config
2012-10-21 01:06:56 +01:00
0a3097c569
Merge remote-tracking branch 'bboer/feature/svn-alternative-structures'
...
Conflicts:
src/Composer/Repository/Vcs/GitHubDriver.php
2012-10-19 12:19:19 +02:00
5051e7a0a2
Only try to authorize when fetching the repo info, not subsequent calls, refs #423
2012-10-19 10:24:00 +02:00
32282e7461
Add hostname to the OAuth app name
2012-10-18 17:08:34 +02:00
a9811c4e40
Store and reload the github token to/from the config
2012-10-18 16:48:44 +02:00
3b01d26d67
Swap user credentials for an OAuth token from GitHub
2012-10-18 16:48:42 +02:00
1bd5d88b02
quick workaround for Github API limit
2012-10-18 16:48:41 +02:00
5978197b5d
Reset package IDs before they can be used in the pool in case there are already some in the cache
2012-10-18 12:57:55 +02:00
ee0cd07468
CS fixes
2012-10-18 10:35:06 +02:00
541bcabbc0
Actually check the hash after downloading
2012-10-15 14:37:27 +02:00
07f72e9fb6
Add support for provider listings
2012-10-14 16:33:53 +02:00
a3f9accd37
Fix various dumb issues
2012-10-13 18:54:48 +02:00
aafc1f7857
Make sure alias package have a repo instance set
2012-10-13 17:19:06 +02:00
41c7432fef
Do not fetch from repo for packages that obviously can not be there
2012-10-13 17:18:47 +02:00
c0e5736ae7
Add support for one-file-per-provider composer repositories
2012-10-12 18:24:26 +02:00
fde3477563
Report issues in HgDriver as well
2012-10-12 11:23:30 +02:00
08670e7666
Report errors properly when git driver fails to write in the cache, refs #482
2012-10-12 11:16:47 +02:00
116b822953
Fix loop and add missing options
2012-10-11 21:35:51 +02:00
1d80720405
Add retries and failover of all jsons to cache even if the main one worked
2012-10-11 21:26:11 +02:00
fb296972ef
Enable https for packagist when possible
2012-10-11 20:57:31 +02:00
b3077bc4bc
Merge pull request #1177 from sandermarechal/stream-context
...
Allow setting stream context options
2012-10-04 09:18:08 -07:00
6cf860669f
Add repository stream context options
...
Add support for passing stream context options to the
StreamContextFactory. This allows support for SSH keyfiles, SSL
certificates and much more. Example:
{
"repositories": [
{
"type": "composer",
"url": "ssh2.sftp://host:22/path/to/packages.json",
"options": {
"ssh2": {
"username": "composer",
"pubkey_file": "/path/to/composer.key.pub",
"privkey_file": "/path/to/composer.key"
}
}
}
]
}
2012-10-03 14:49:41 +02:00
e188f69a0f
Merge remote-tracking branch 'origin/master'
2012-10-03 11:18:44 +02:00
4998bab944
Show warning if the svn binary is missing
2012-10-03 11:14:37 +02:00
4799053ca9
Allow dot in URL scheme
...
This makes it possible to support SSH2 urls, like ssh2.scp://
See: http://www.php.net/manual/en/wrappers.ssh2.php
2012-10-03 10:50:02 +02:00
5201564c0f
Added support for hg bookmarks
2012-10-02 13:41:03 +02:00
4772db1460
Add missing `use` in HgDriver
...
Closes #1165
2012-10-01 14:59:02 +03:00
6bd7ca0230
Fix typos and simplify code
2012-09-20 11:03:58 +02:00
35245eb817
Add support for local urls and better error reporting to HgDriver
2012-09-20 10:38:35 +02:00
c14826dd1e
Fix exception handling when loading repos
2012-09-08 13:49:37 +02:00
fe4516aff8
Clarify exception messages when a package can not be loaded from a composer repository, fixes #1070
2012-09-08 02:00:02 +02:00
57d1b5a37d
Issue #1056 . Fixed callback call error on search command.
2012-09-06 09:15:29 +03:00
00361e0087
Fixed tests
2012-08-31 08:12:20 +02:00
d1a452b00b
Made repoConfig available for the VcsDriver to be able to provide additional configuration options easily.
2012-08-30 16:52:37 +02:00
781e0d4f55
Add detection of gitolite user for git repos
2012-08-29 15:44:52 +02:00
803178d28f
CS fixes for #1038
2012-08-29 15:24:05 +02:00
560d6daccf
Using separate variable for URL parts
2012-08-29 15:12:08 +02:00
841efc98a6
Appending 'packages.json' only if not present in URL
2012-08-29 15:08:04 +02:00
93628c42d8
Add support for alternative structures
2012-08-29 13:26:53 +02:00
c14bc368b0
Fix memory usage of the update command
2012-08-24 02:29:37 +02:00
e1bd2fd6df
Clean ups after feedback
2012-08-24 02:29:36 +02:00
e3b6bd781c
Add RepositoryInterface::filterPackages to stream ops on lists
...
This cuts down on memory usage and also speeds up the search command to a third of its previous time
2012-08-24 02:29:33 +02:00
d6de4a0036
Rename Package interfaces to reduce BC issues
2012-08-24 02:29:31 +02:00
8a275336a1
CS cleanups
2012-08-24 02:29:30 +02:00
e46d26cb9b
Add loadAliasPackage to the StreamableRepositoryInterface and clear up responsibilities between Pool and Repositories
2012-08-24 02:29:29 +02:00
26e8217db7
Remove duplication of branch alias parsing code
2012-08-24 02:29:26 +02:00
Jordi Boggiano