hugo
/
composer
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
8,062 Commits
1 Branch
0 Tags
25 MiB
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '158e1c95da'
${ noResults }
Commit Graph

168 Commits (158e1c95da02cc0b932de74f9a09a1c7b6cf654f)

Author SHA1 Message Date
Nils Adermann ec5416f03c loadDev parameter is nonsense, properly load packages in create command 9 years ago
Nils Adermann b99c03ea04 Entirely remove whatProvides from Composer repository 9 years ago
Nils Adermann 090711b21c Completely move loading of packages from composer repo to pool 9 years ago
Nils Adermann 9b9ad9d0fe Remove dead code paths and use exceptions instead of die 9 years ago
Nils Adermann 65f69c4227 Remove debug output 9 years ago
Nils Adermann 4d0db5add6 POC Implementation of loading only explicitly named package data 9 years ago
Rob Bast cb336a5416 Implement writeError throughout Composer 10 years ago
Jordi Boggiano 8b46880f42 Avoid failing on composer show of lazy providers 10 years ago
Padraic Brady 19e24c5804 Merge branch 'master' into tls-config 
Conflicts:
	.travis.yml
	doc/03-cli.md
	src/Composer/Command/ConfigCommand.php
	src/Composer/Command/CreateProjectCommand.php
	src/Composer/Command/DiagnoseCommand.php
	src/Composer/Command/InstallCommand.php
	src/Composer/Command/RequireCommand.php
	src/Composer/Command/SelfUpdateCommand.php
	src/Composer/Command/ShowCommand.php
	src/Composer/Command/UpdateCommand.php
	src/Composer/Config.php
	src/Composer/Downloader/FileDownloader.php
	src/Composer/Factory.php
	src/Composer/Repository/ComposerRepository.php
	src/Composer/Repository/PearRepository.php
	src/Composer/Repository/Vcs/VcsDriver.php
	src/Composer/Util/GitHub.php
	src/Composer/Util/RemoteFilesystem.php
 10 years ago
SofHad 45089a6771 [Minor] remove the unused private variables 10 years ago
Jordi Boggiano 3ff8bcffea Allow loading of real composer repos by local path, fixes #1899 10 years ago
Nils Adermann 89bd9be295 This entirely removes StreamableRepositories and minimal package arrays 10 years ago
Nils Adermann 9751e1ab58 Remove unnecessary collection of names which isn't used 10 years ago
aaukt f8fae61b05 Add fallback for findPackage(s) for repo without provider 
This was introcuced in a4d43ee860, but is missing the fallback for a repository without providers.
 10 years ago
Jordi Boggiano ac497feaba CS fixes 10 years ago
Jordi Boggiano d036b2390e Load root aliases for providers by package name and not by provider name, fixes #3043 10 years ago
Jordi Boggiano 58d01b2c6e Merge pull request #2988 from tristanlins/feature/composer-repository-find-packages 
ComposerRepository::findPackage[s]
 10 years ago
Jordi Boggiano 0c343f925a Clarify code 10 years ago
Tristan Lins a4d43ee860 Implement ComposerRepository::findPackage and ComposerRepository::findPackages. 10 years ago
Jordi Boggiano 2a7a954f62 Handle multiple urls in package transport options 10 years ago
Jordi Boggiano b6981d09e8 Fix handling of origin url in composer repository class 10 years ago
Jordi Boggiano 31b787249c More fixes to mirror support 10 years ago
Jordi Boggiano 44e45ed2d5 Add support for lazy providers/proxies 10 years ago
Jordi Boggiano 77163f66fc Add support for mirrors in composer repos 10 years ago
Jordi Boggiano faeb706de6 Handle alias packages properly, refs #2189 10 years ago
Jordi Boggiano 32cd883daa Rename options to transport-options, refs #2189 10 years ago
Jordi Boggiano 016a016455 Merge remote-tracking branch 'lcobucci/master' 
Conflicts:
	src/Composer/Downloader/FileDownloader.php
 10 years ago
Jordi Boggiano b437c1cc05 Support github auth directly in the RemoteFilesystem class 10 years ago
Pádraic Brady 306ba77e93 Implement the RemoteFilesystem Factory everywhere... 
- also fixes impacted test
 11 years ago
Luís Otávio Cobucci Oblonczyk 0f2c0ab389 Merge remote-tracking branch 'upstream/master' 
Conflicts:
	src/Composer/Downloader/FileDownloader.php
 11 years ago
Jérémy JOURDIN fbadc19bf6 Add preFileDownload event on package.json fetch 11 years ago
Carsten Brandt f538acc4b0 added support for file:// url to repository 
file:// is valid url even if it does not define a host.

allows to define a repo like this (local directory generated with
composer/satis):

```json
{
	"repositories": [ { "type": "composer", "url": "file:///home/cebe/dev/jescali/xeno-core/core/repo" } ],
	"require": {
        ...
	}
}
```
 11 years ago
Luís Otávio Cobucci Oblonczyk 0b77a59af6 Repository options must be replicated on package when dist file is under 
repository base dir
 11 years ago
Jordi Boggiano 3f2b9b4d4b Avoid overwriting notification-url 11 years ago
Jordi Boggiano 4b26c627ff Retry file downloads 3 times before giving up in case of basic network failure 11 years ago
Jordi Boggiano a7e88f7a80 Unfold aliases in streamable repos since aliases are already loaded by the pool, refs #1346, fixes #1851 11 years ago
Martin Hasoň 753a8345cb Added support for the alias of an aliased package 11 years ago
Jordi Boggiano d38eb244fa Add PlatformRepository::PLATFORM_PACKAGE_REGEX to remove duplication 11 years ago
Jordi Boggiano 2b385cbe58 Fix dependency flags not applying to provides/replaces, fixes #1771 11 years ago
Jordi Boggiano 41392ace56 Check that a repo has no providers when getPackages is called to catch any mis-use 12 years ago
Jordi Boggiano be861f090a Remove filterPackages and add RepositoryInterface::search, refactor all commands to use new methods and remove all usage of the full package list for Composer repositories that support providers, fixes #1646 12 years ago
Jordi Boggiano 095852933e Remove code duplication, add support for searchUrl 12 years ago
Jordi Boggiano 573b7a0fb7 Only downgrade providers but not the notification url 12 years ago
Jordi Boggiano d4c9a9004a Add support for the hashed provider includes 12 years ago
Jordi Boggiano 2c4c5dd764 Fail hard only after 3 failed attempts 12 years ago
Jordi Boggiano b750e70f5f Abort execution when a RepositorySecurityException is thrown 12 years ago
Jordi Boggiano 995dc40130 Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256 12 years ago
Jordi Boggiano 211b69b38b Adjust exception message 12 years ago
Jordi Boggiano b59489f6ae Merge remote-tracking branch 'edas/exception-on-broken-signature' 12 years ago
Jordi Boggiano 9521d1e7ad Make use of new hashed provider filenames, fixes #1431, refs composer/packagist#283 12 years ago
Eric Daspet 59f8be3b92 Throw Exception on broken signature 
This is related to issue #1562

With a fresh installation of Composer I had the following message:

> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.

This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.

*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.

This is a *serious* security issue.

The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states

```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````

Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.

Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
 12 years ago
Jordi Boggiano a8f74a0983 Allow notification from locked installs, fixes #1368, fixes #1372, fixes #1369 12 years ago
Jordi Boggiano e868c9706b Add support for batch notifications 12 years ago
Jordi Boggiano 15475f0ef2 Rename cache dirs to consolidate them by purpose 12 years ago
Jordi Boggiano cbd91b5952 Fix FILTER_VALIDATE_URL not supporting IDNs 12 years ago
Martin Hasoň 45c1c3f881 Fixed package name for stability test in ComposerRepository 12 years ago
Bilal Amarni b10c832be0 fixed a typo 12 years ago
Jordi Boggiano 125ff3e4f5 Fix root aliasing with new providers repo format 12 years ago
Jordi Boggiano ad9f887edd Clarify error message to sound less scary until we can guarantee it 12 years ago
Chris Smith 9ed481ef02 Fix handling of legacy Composer repositories 12 years ago
Jordi Boggiano e887f6cea9 Fix CS 12 years ago
Jordi Boggiano 89d4df990a Use JsonFile to decode cached entries 12 years ago
Jordi Boggiano fef3dacdfb Reset ids of aliased packages as well 12 years ago
Jordi Boggiano 338127ff9c Disable failure on hash mismatch until it can be proven to work reliably 12 years ago
Jordi Boggiano 5978197b5d Reset package IDs before they can be used in the pool in case there are already some in the cache 12 years ago
Jordi Boggiano 541bcabbc0 Actually check the hash after downloading 12 years ago
Jordi Boggiano 07f72e9fb6 Add support for provider listings 12 years ago
Jordi Boggiano a3f9accd37 Fix various dumb issues 12 years ago
Jordi Boggiano aafc1f7857 Make sure alias package have a repo instance set 12 years ago
Jordi Boggiano 41c7432fef Do not fetch from repo for packages that obviously can not be there 12 years ago
Jordi Boggiano c0e5736ae7 Add support for one-file-per-provider composer repositories 12 years ago
Jordi Boggiano 116b822953 Fix loop and add missing options 12 years ago
Jordi Boggiano 1d80720405 Add retries and failover of all jsons to cache even if the main one worked 12 years ago
Jordi Boggiano fb296972ef Enable https for packagist when possible 12 years ago
Sander Marechal 6cf860669f Add repository stream context options 
Add support for passing stream context options to the
StreamContextFactory. This allows support for SSH keyfiles, SSL
certificates and much more. Example:

{
    "repositories": [
        {
            "type": "composer",
            "url": "ssh2.sftp://host:22/path/to/packages.json",
            "options": {
                "ssh2": {
                    "username": "composer",
                    "pubkey_file": "/path/to/composer.key.pub",
                    "privkey_file": "/path/to/composer.key"
                }
            }
        }
    ]
}
 12 years ago
Sander Marechal 4799053ca9 Allow dot in URL scheme 
This makes it possible to support SSH2 urls, like ssh2.scp://
See: http://www.php.net/manual/en/wrappers.ssh2.php
 12 years ago
Jordi Boggiano c14826dd1e Fix exception handling when loading repos 12 years ago
Jordi Boggiano fe4516aff8 Clarify exception messages when a package can not be loaded from a composer repository, fixes #1070 12 years ago
Povilas Balzaravicius Pawka 57d1b5a37d Issue #1056. Fixed callback call error on search command. 12 years ago
Jordi Boggiano 803178d28f CS fixes for #1038 12 years ago
Christoph Hochstrasser 560d6daccf Using separate variable for URL parts 12 years ago
Christoph Hochstrasser 841efc98a6 Appending 'packages.json' only if not present in URL 12 years ago
Jordi Boggiano c14bc368b0 Fix memory usage of the update command 12 years ago
Jordi Boggiano e3b6bd781c Add RepositoryInterface::filterPackages to stream ops on lists 
This cuts down on memory usage and also speeds up the search command to a third of its previous time
 12 years ago
Jordi Boggiano d6de4a0036 Rename Package interfaces to reduce BC issues 12 years ago
Jordi Boggiano e46d26cb9b Add loadAliasPackage to the StreamableRepositoryInterface and clear up responsibilities between Pool and Repositories 12 years ago
Jordi Boggiano 26e8217db7 Remove duplication of branch alias parsing code 12 years ago
Jordi Boggiano 2d4076e9b2 Add support for aliases in streamed repos 12 years ago
Jordi Boggiano c8a685be6b Reduce memory usage by only loading packages that are actually needed, fixes #456 12 years ago
Jordi Boggiano a54bf6269e Improve error messages when network failures occur 12 years ago
Jordi Boggiano 2d41774bcc Add warning when loading an https repo if openssl is disabled, refs #930 12 years ago
Jordi Boggiano d80180c2b9 Allow notifyUrl to be a complete URL 12 years ago
Jordi Boggiano a06ebdd8ef Add caching to svn metadata 12 years ago
Jordi Boggiano 1bd4ccbd54 php-cs-fixer magic 12 years ago
Jordi Boggiano 8ff497ac6f Skip filter_var on 5.3.2 since it is buggy 12 years ago
Jordi Boggiano 70ad8274cd Work around poorly configured php 12 years ago
Jordi Boggiano b094ef7155 Add repository notification API support 12 years ago
Jordi Boggiano fc29487a2a Add home config key and use it to create the cache instance 12 years ago
Jordi Boggiano 0d97ec4783 Add cache to the composer repositories 12 years ago
Jordi Boggiano a476d1f97d Add support for the new composer repository format 12 years ago