diff --git a/doc/03-cli.md b/doc/03-cli.md index 62d3f74b8..c999e76ac 100644 --- a/doc/03-cli.md +++ b/doc/03-cli.md @@ -97,8 +97,6 @@ resolution. * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially for production, but can take a bit of time to run so it is currently not done by default. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--classmap-authoritative (-a):** Autoload classes from the classmap only. Implicitly enables `--optimize-autoloader`. @@ -148,8 +146,6 @@ php composer.phar update vendor/* Implicitly enables `--optimize-autoloader`. * **--lock:** Only updates the lock file hash to suppress warning about the lock file being out of date. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--with-dependencies:** Add also all dependencies of whitelisted packages to the whitelist. * **--prefer-stable:** Prefer stable versions of dependencies. * **--prefer-lowest:** Prefer lowest versions of dependencies. Useful for testing minimal @@ -188,8 +184,6 @@ php composer.phar require vendor/package:2.* vendor/package2:dev-master * **--update-no-dev:** Run the dependency update with the `--no-dev` option. * **--update-with-dependencies:** Also update dependencies of the newly required packages. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--sort-packages:** Keep packages sorted in `composer.json`. * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster autoloader. This is recommended especially for production, but 
@@ -265,8 +259,6 @@ You can also search for more than one term by passing multiple arguments. ### Options * **--only-name (-N):** Search only in name. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. ## show @@ -310,8 +302,6 @@ php composer.phar show monolog/monolog 1.0.2 * **--installed (-i):** List the packages that are installed. * **--platform (-p):** List only platform packages (php & extensions). * **--self (-s):** List the root package info. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--tree (-t):** List the dependencies as a tree. Only usable when giving a single package name or combined with `-i`. ## browse / home @@ -422,8 +412,6 @@ sudo composer self-update ### Options * **--rollback (-r):** Rollback to the last version you had installed. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--clean-backups:** Delete old backups during an update. This makes the current version of Composer the only backup available after the update. @@ -517,8 +505,6 @@ By default the command checks for the packages on packagist.org. * **--keep-vcs:** Skip the deletion of the VCS metadata for the created project. This is mostly useful if you run the command in non-interactive mode. -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. * **--ignore-platform-reqs:** ignore `php`, `hhvm`, `lib-*` and `ext-*` requirements and force the installation even if the local machine does not fulfill these. 
@@ -579,11 +565,6 @@ problems. php composer.phar diagnose ``` -### Options - -* **--disable-tls:** Display SSL/TLS peer verification. -* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification. - ## archive This command is used to generate a zip/tar archive for a given package in a diff --git a/doc/06-config.md b/doc/06-config.md index ec1203d05..89003ed82 100644 --- a/doc/06-config.md +++ b/doc/06-config.md @@ -40,6 +40,25 @@ of their API. [Read more](articles/troubleshooting.md#api-rate-limit-and-oauth-tokens) on how to get an OAuth token for GitHub. +## gitlab-oauth + +A list of domain names and oauth keys. For example using `{"gitlab.com": +"oauthtoken"}` as the value of this option will use `oauthtoken` to access +private repositories on gitlab. + +## disable-tls + +Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP +instead and no network level encryption is performed. Enabling this is a +security risk and is NOT recommended. The better way is to enable the +php_openssl extension in php.ini. + +## cafile + +A way to set the path to the openssl CA file. In PHP 5.6+ you should rather +set this via openssl.cafile in php.ini, although PHP 5.6+ should be able to +detect your system CA file automatically. + ## http-basic A list of domain names and username/passwords to authenticate against them. For diff --git a/res/composer-schema.json b/res/composer-schema.json index df1fe8290..6b89b08b7 100644 --- a/res/composer-schema.json +++ b/res/composer-schema.json 
@@ -141,6 +141,14 @@ "description": "A hash of domain name => gitlab API oauth tokens, typically {\"gitlab.com\":\"\"}.", "additionalProperties": true }, + "disable-tls": { + "type": "boolean", + "description": "Defaults to `false`. If set to true all HTTPS URLs will be tried with HTTP instead and no network level encryption is performed. Enabling this is a security risk and is NOT recommended. The better way is to enable the php_openssl extension in php.ini." + }, + "cafile": { + "type": "string", + "description": "A way to set the path to the openssl CA file. In PHP 5.6+ you should rather set this via openssl.cafile in php.ini, although PHP 5.6+ should be able to detect your system CA file automatically." + }, "http-basic": { "type": "object", "description": "A hash of domain name => {\"username\": \"...\", \"password\": \"...\"}.", diff --git a/src/Composer/Command/CreateProjectCommand.php b/src/Composer/Command/CreateProjectCommand.php index f26eddf0d..412e1a4d9 100644 --- a/src/Composer/Command/CreateProjectCommand.php +++ b/src/Composer/Command/CreateProjectCommand.php 
@@ -69,8 +69,6 @@ class CreateProjectCommand extends Command new InputOption('no-progress', null, InputOption::VALUE_NONE, 'Do not output download progress.'), new InputOption('keep-vcs', null, InputOption::VALUE_NONE, 'Whether to prevent deletion vcs folder.'), new InputOption('no-install', null, InputOption::VALUE_NONE, 'Whether to skip installation of the package dependencies.'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputOption('ignore-platform-reqs', null, InputOption::VALUE_NONE, 'Ignore platform requirements (php & ext- packages).'), )) ->setHelp(<<diagnose command checks common errors to help debugging problems. EOT - )->setDefinition(array( - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), - )) + ) ; } diff --git a/src/Composer/Command/InstallCommand.php b/src/Composer/Command/InstallCommand.php index 20f142fea..3ae00c228 100644 --- a/src/Composer/Command/InstallCommand.php +++ b/src/Composer/Command/InstallCommand.php 
@@ -46,8 +46,6 @@ class InstallCommand extends Command new InputOption('no-progress', null, InputOption::VALUE_NONE, 'Do not output download progress.'), new InputOption('verbose', 'v|vv|vvv', InputOption::VALUE_NONE, 'Shows more details including new commits pulled in when updating packages.'), new InputOption('optimize-autoloader', 'o', InputOption::VALUE_NONE, 'Optimize autoloader during autoloader dump'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputOption('classmap-authoritative', 'a', InputOption::VALUE_NONE, 'Autoload classes from the classmap only. Implicitly enables `--optimize-autoloader`.'), new InputOption('ignore-platform-reqs', null, InputOption::VALUE_NONE, 'Ignore platform requirements (php & ext- packages).'), new InputArgument('packages', InputArgument::IS_ARRAY | InputArgument::OPTIONAL, 'Should not be provided, use composer require instead to add a given package to composer.json.'), diff --git a/src/Composer/Command/RequireCommand.php b/src/Composer/Command/RequireCommand.php index 859eacb0b..bbdf15681 100644 --- a/src/Composer/Command/RequireCommand.php +++ b/src/Composer/Command/RequireCommand.php 
@@ -46,8 +46,6 @@ class RequireCommand extends InitCommand new InputOption('no-update', null, InputOption::VALUE_NONE, 'Disables the automatic update of the dependencies.'), new InputOption('update-no-dev', null, InputOption::VALUE_NONE, 'Run the dependency update with the --no-dev option.'), new InputOption('update-with-dependencies', null, InputOption::VALUE_NONE, 'Allows inherited dependencies to be updated with explicit dependencies.'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputOption('ignore-platform-reqs', null, InputOption::VALUE_NONE, 'Ignore platform requirements (php & ext- packages).'), new InputOption('sort-packages', null, InputOption::VALUE_NONE, 'Sorts packages when adding/updating a new dependency'), new InputOption('optimize-autoloader', 'o', InputOption::VALUE_NONE, 'Optimize autoloader during autoloader dump'), diff --git a/src/Composer/Command/SearchCommand.php b/src/Composer/Command/SearchCommand.php index 3219dfd97..e636fc4d0 100644 --- a/src/Composer/Command/SearchCommand.php +++ b/src/Composer/Command/SearchCommand.php 
@@ -41,8 +41,6 @@ class SearchCommand extends Command ->setDescription('Search for packages') ->setDefinition(array( new InputOption('only-name', 'N', InputOption::VALUE_NONE, 'Search only in name'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputArgument('tokens', InputArgument::IS_ARRAY | InputArgument::REQUIRED, 'tokens to search for'), )) ->setHelp(<<setDefinition(array( new InputOption('rollback', 'r', InputOption::VALUE_NONE, 'Revert to an older installation of composer'), new InputOption('clean-backups', null, InputOption::VALUE_NONE, 'Delete old backups during an update. This makes the current version of composer the only backup available after the update'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputArgument('version', InputArgument::OPTIONAL, 'The version to update to'), new InputOption('no-progress', null, InputOption::VALUE_NONE, 'Do not output download progress.'), )) 
@@ -63,17 +61,15 @@ EOT { $config = Factory::createConfig(); - if($config->get('disable-tls') === true || $input->getOption('disable-tls')) { + if ($config->get('disable-tls') === true) { $baseUrl = 'http://' . self::HOMEPAGE; } else { $baseUrl = 'https://' . self::HOMEPAGE; } + $io = $this->getIO(); $remoteFilesystem = Factory::createRemoteFilesystem($io, $config); - // TODO: Silent switch probably should be kicking out exception - $baseUrl = (extension_loaded('openssl') ? 'https' : 'http') . '://' . self::HOMEPAGE; - $cacheDir = $config->get('cache-dir'); $rollbackDir = $config->get('home'); $localFilename = realpath($_SERVER['argv'][0]) ?: $_SERVER['argv'][0]; diff --git a/src/Composer/Command/ShowCommand.php b/src/Composer/Command/ShowCommand.php index b3f423c92..7704e09fb 100644 --- a/src/Composer/Command/ShowCommand.php +++ b/src/Composer/Command/ShowCommand.php @@ -56,8 +56,6 @@ class ShowCommand extends Command new InputOption('available', 'a', InputOption::VALUE_NONE, 'List available packages only'), new InputOption('self', 's', InputOption::VALUE_NONE, 'Show the root package information'), new InputOption('name-only', 'N', InputOption::VALUE_NONE, 'List package names only'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputOption('path', 'P', InputOption::VALUE_NONE, 'Show package paths'), new InputOption('tree', 't', InputOption::VALUE_NONE, 'List the dependencies as a tree'), )) diff --git a/src/Composer/Command/UpdateCommand.php b/src/Composer/Command/UpdateCommand.php index 1faad4c79..99aa37ca6 100644 --- a/src/Composer/Command/UpdateCommand.php +++ b/src/Composer/Command/UpdateCommand.php 
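Review bot: In the SelfUpdateCommand hunk, a true `disable-tls` config value makes `$baseUrl` start with `http://`, so the replacement composer.phar would be fetched with no server authentication or transport integrity. Nothing visible here verifies the downloaded file (a signature or a pinned digest) before it replaces the running binary. Self-update is the one command where I would refuse the downgrade, or at least print a warning and ask for confirmation, and record that decision in a comment above `if ($config->get('disable-tls') === true) {`. The scheme is also decided here independently of whatever `Factory::createRemoteFilesystem()` decides for `$disableTls`, so the two should be derived from one place to keep them from disagreeing. The rest of execute() lies outside the hunk, so a verification step may exist further down.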
@@ -52,8 +52,6 @@ class UpdateCommand extends Command new InputOption('with-dependencies', null, InputOption::VALUE_NONE, 'Add also all dependencies of whitelisted packages to the whitelist.'), new InputOption('verbose', 'v|vv|vvv', InputOption::VALUE_NONE, 'Shows more details including new commits pulled in when updating packages.'), new InputOption('optimize-autoloader', 'o', InputOption::VALUE_NONE, 'Optimize autoloader during autoloader dump.'), - new InputOption('disable-tls', null, InputOption::VALUE_NONE, 'Disable SSL/TLS protection for HTTPS requests'), - new InputOption('cafile', null, InputOption::VALUE_REQUIRED, 'The path to a valid CA certificate file for SSL/TLS certificate verification'), new InputOption('classmap-authoritative', 'a', InputOption::VALUE_NONE, 'Autoload classes from the classmap only. Implicitly enables `--optimize-autoloader`.'), new InputOption('ignore-platform-reqs', null, InputOption::VALUE_NONE, 'Ignore platform requirements (php & ext- packages).'), new InputOption('prefer-stable', null, InputOption::VALUE_NONE, 'Prefer stable versions of dependencies.'), diff --git a/src/Composer/Factory.php b/src/Composer/Factory.php index c04f1e269..57bc8bf54 100644 --- a/src/Composer/Factory.php +++ b/src/Composer/Factory.php 
@@ -521,25 +521,25 @@ class Factory $disableTls = true; } elseif (!extension_loaded('openssl')) { throw new \RuntimeException('The openssl extension is required for SSL/TLS protection but is not available. ' - . 'You can disable this error, at your own risk, by passing the \'--disable-tls\' option to this command.'); + . 'You can disable this error, at your own risk, by setting the \'disable-tls\' option to true.'); } $remoteFilesystemOptions = array(); if ($disableTls === false) { if (isset($config) && !empty($config->get('cafile'))) { - $remoteFilesystemOptions = array('ssl'=>array('cafile'=>$config->get('cafile'))); - } - if (!empty($io->getInputOption('cafile'))) { - $remoteFilesystemOptions = array('ssl'=>array('cafile'=>$io->getInputOption('cafile'))); + $remoteFilesystemOptions = array('ssl' => array('cafile' => $config->get('cafile'))); } $remoteFilesystemOptions = array_merge_recursive($remoteFilesystemOptions, $options); } try { - $remoteFilesystem = new RemoteFilesystem($io, $remoteFilesystemOptions, $disableTls); + $remoteFilesystem = new RemoteFilesystem($io, $config, $remoteFilesystemOptions, $disableTls); } catch (TransportException $e) { if (preg_match('|cafile|', $e->getMessage())) { $io->write('Unable to locate a valid CA certificate file. You must set a valid \'cafile\' option.'); $io->write('A valid CA certificate file is required for SSL/TLS protection.'); - $io->write('You can disable this error, at your own risk, by passing the \'--disable-tls\' option to this command.'); + if (PHP_VERSION_ID < 50600) { + $io->write('It is recommended you upgrade to PHP 5.6+ which can detect your system CA file automatically.'); + } + $io->write('You can disable this error, at your own risk, by setting the \'disable-tls\' option to true.'); } throw $e; } diff --git a/src/Composer/Util/ConfigValidator.php b/src/Composer/Util/ConfigValidator.php index 32c9303d9..1878dcf52 100644 --- a/src/Composer/Util/ConfigValidator.php 
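Review bot: With the `--disable-tls` flag removed, the downgrade becomes a persistent config value, and the branch that sets `$disableTls = true` (its condition starts above this hunk) prints nothing that is visible here, so every later command would run without TLS and the user would see no sign of it. I would emit a warning in that branch on each run, for example `$io->write('<warning>You are running Composer with SSL/TLS protection disabled.</warning>');`. If `disable-tls` and `cafile` can be read from a project's own composer.json as well as from the user's global config, that deserves a comment here, because a freshly cloned project could then weaken transport security for its own install. Separately, `!empty($config->get('cafile'))` only parses on PHP 5.5+, while the `PHP_VERSION_ID < 50600` branch suggests older runtimes are still targeted; assigning `$cafile = $config->get('cafile');` first avoids that.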
+++ b/src/Composer/Util/ConfigValidator.php @@ -19,6 +19,7 @@ use Composer\Json\JsonValidationException; use Composer\IO\IOInterface; use Composer\Json\JsonFile; use Composer\Spdx\SpdxLicenses; +use Composer\Factory; /** * Validates a composer configuration. diff --git a/src/Composer/Util/GitLab.php b/src/Composer/Util/GitLab.php index 8f2b0aec2..bed071c41 100644 --- a/src/Composer/Util/GitLab.php +++ b/src/Composer/Util/GitLab.php @@ -14,6 +14,7 @@ namespace Composer\Util; use Composer\IO\IOInterface; use Composer\Config; +use Composer\Factory; use Composer\Downloader\TransportException; use Composer\Json\JsonFile; @@ -40,7 +41,7 @@ class GitLab $this->io = $io; $this->config = $config; $this->process = $process ?: new ProcessExecutor(); - $this->remoteFilesystem = $remoteFilesystem ?: new RemoteFilesystem($io, $config); + $this->remoteFilesystem = $remoteFilesystem ?: Factory::createRemoteFilesystem($this->io, $config); } /**
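Review bot: In GitLab.php, the constructor's default `Factory::createRemoteFilesystem($this->io, $config)` can now throw, and the docblock should say so. The Factory hunk in this same commit raises a `\RuntimeException` when the openssl extension is missing and rethrows `TransportException` when no CA file is found. I would add `@throws \RuntimeException` and `@throws TransportException` to the constructor docblock, plus a one-line comment that the default goes through the factory so that `disable-tls` and `cafile` are honoured. A caller that passes its own `$remoteFilesystem` skips those settings, which is worth stating on that parameter. The constructor signature and docblock are outside the hunk.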