095852933e
Remove code duplication, add support for searchUrl
12 years ago
06026d6b93
Add @deprecated note
12 years ago
4207fc3b19
Refactor require-dev handling to use one single repository and a one pass solving, fixes #719 , fixes #1185 , fixes #1330 , fixes #789 , fixes #640
12 years ago
259a25344d
Use the api to get file contents instead of raw.github.com
...
raw.github does not like the access_token query param
12 years ago
573b7a0fb7
Only downgrade providers but not the notification url
12 years ago
f69418427f
Add lib-ICU platform package
12 years ago
15e9c3d101
Show proper error message when a git bitbucket repo is loaded as hg repo, refs composer/packagist#294
12 years ago
d4c9a9004a
Add support for the hashed provider includes
12 years ago
2c4c5dd764
Fail hard only after 3 failed attempts
12 years ago
b750e70f5f
Abort execution when a RepositorySecurityException is thrown
12 years ago
995dc40130
Make packagist downgrade out of ssl after fetching the main file, since the other files can be verified via sha256
12 years ago
211b69b38b
Adjust exception message
12 years ago
b59489f6ae
Merge remote-tracking branch 'edas/exception-on-broken-signature'
12 years ago
9521d1e7ad
Make use of new hashed provider filenames, fixes #1431 , refs composer/packagist#283
12 years ago
a8a99cee24
Fix RepositorySecurityException class name
12 years ago
59f8be3b92
Throw Exception on broken signature
...
This is related to issue #1562
With a fresh installation of Composer I had the following message:
> The contents of https://packagist.org/p/providers-latest.json do not
match its signature, this is most likely due to a temporary glitch but
could indicate a man-in-the-middle attack.
> Try running composer again and please report it if it still persists.
This was *probably* a temporary glitch, as the error did not appear
again, even after a full reinstallation of all packages.
*However* Composer had no way to differentiate a man-in-the-middle
attack and a temporary glitch. The installation / update did continue
despite the problem and files where installed / updates with no easy
rollback. These files may have been corrupted with malicious code and I
have no way to check they don't.
This is a *serious* security issue.
The code in [ComposerRepository line
434](https://github.com/composer/composer/blob/master/src/Composer/Repos
itory/ComposerRepository.php#L434) states
```php
// TODO throw SecurityException and abort once we are sure this can not
happen accidentally
````
Even if the broken signature may happen in accidentally in a standard
process, if it may be a security issue, we have to abort the procedure,
or at least ask for confirmation to the user. If it helps continuing
despite the temporary glitch, it may be possible to add a command line
switch like `--ignore-signature` to force the process to continue.
Proposed :
Send a RepositorySecurityException instead of the warning, even if this
may happen accidentally
12 years ago
17a5bdf162
Normalize github URLs generated by the GitHubDriver, fixes #1551
12 years ago
432955e0ae
Fix github url escaping, raw.github.com doesnt like escaped slashes
12 years ago
8904888a74
Add php-64bit package if the php version has 64bit ints, fixes #1506 , fixes #1511
12 years ago
514a3cde77
CS fixes
12 years ago
5b24a48827
Allow disabling svn branches/tags, fixes composer/satis#43
12 years ago
04c6670f0c
Detect invalid ssh URLs, fixes #1124
12 years ago
224934831d
Change all github archive URLs to API URLs and handle fallback for those to nodeload
12 years ago
120f52c632
Generate private zipball urls for private repositories
12 years ago
cebd43e735
fixed detection of inactive branches in hg
12 years ago
a8f74a0983
Allow notification from locked installs, fixes #1368 , fixes #1372 , fixes #1369
12 years ago
e868c9706b
Add support for batch notifications
12 years ago
9713bf8bec
Fix for PearRepository scheme handling, broke ChannelReaderTest.
12 years ago
0be2fd12e4
Fix for PEAR package downloading in PearRepository: now using https as
...
scheme if the PEAR channel uses https. The old behavior broke installing
PEAR packages from https-only PEAR channels.
12 years ago
15475f0ef2
Rename cache dirs to consolidate them by purpose
12 years ago
326fcbcab7
Enforce UTC on all datetime instances, set lock release date to datetime always, refs #923
12 years ago
172414a1f0
Add support for ~/+ in addition to - as separator between PHP version and build details, fixes #1322
12 years ago
4f5d08e2ad
Add InvalidRepositoryException
12 years ago
4959c2bdc6
Replace references of a11n with a12n where appropriate
...
Authorization => Authentication.
12 years ago
cbd91b5952
Fix FILTER_VALIDATE_URL not supporting IDNs
12 years ago
0c61e9d345
Add warning/errors flags to VCS repo output
12 years ago
dae7f3cee7
Add a way to know if any branch failed loading
12 years ago
61bd34df55
Make sure error output is clearly visible
12 years ago
967c771b26
Add warnings to ValidatingArrayLoader that are simply stripped by default, add reporting of warnings when loading branches
12 years ago
1682532b80
Update code to use new github archive URLs
12 years ago
bb701da8c2
Do not overwrite output in verbose mode
12 years ago
45c1c3f881
Fixed package name for stability test in ComposerRepository
12 years ago
b10c832be0
fixed a typo
12 years ago
2b06503027
SvnDriver fixes
12 years ago
83fd3967f0
Fixed PHPDoc
12 years ago
5eead93250
Fixed typos
12 years ago
125ff3e4f5
Fix root aliasing with new providers repo format
12 years ago
ad9f887edd
Clarify error message to sound less scary until we can guarantee it
12 years ago
9ed481ef02
Fix handling of legacy Composer repositories
12 years ago
e887f6cea9
Fix CS
12 years ago
89d4df990a
Use JsonFile to decode cached entries
12 years ago
bebd1ce9c7
Always check for OAuth token in git config, fixes #1243
12 years ago
1760b1e093
Prevent CompositeRepository instances from being nested
12 years ago
fef3dacdfb
Reset ids of aliased packages as well
12 years ago
39e69a3b12
Refactor OAuth acquisition code to generalize it
12 years ago
bf5f34a114
Merge remote-tracking branch '1stvamp/github-tokens-from-git-config'
12 years ago
338127ff9c
Disable failure on hash mismatch until it can be proven to work reliably
12 years ago
3116c979d3
Fix undefined var, fixes #1235
12 years ago
573e4b2a7c
Merge branch 'newrepo'
12 years ago
5fb0403276
Use process executor instead of exec to run git config
12 years ago
1442c1e026
Damnable tabs!
12 years ago
2cb07dd2fe
Allow use of Github OAuth2 token stored in git config
12 years ago
0a3097c569
Merge remote-tracking branch 'bboer/feature/svn-alternative-structures'
...
Conflicts:
src/Composer/Repository/Vcs/GitHubDriver.php
12 years ago
5051e7a0a2
Only try to authorize when fetching the repo info, not subsequent calls, refs #423
12 years ago
32282e7461
Add hostname to the OAuth app name
12 years ago
a9811c4e40
Store and reload the github token to/from the config
12 years ago
3b01d26d67
Swap user credentials for an OAuth token from GitHub
12 years ago
1bd5d88b02
quick workaround for Github API limit
12 years ago
5978197b5d
Reset package IDs before they can be used in the pool in case there are already some in the cache
12 years ago
ee0cd07468
CS fixes
12 years ago
541bcabbc0
Actually check the hash after downloading
12 years ago
07f72e9fb6
Add support for provider listings
12 years ago
a3f9accd37
Fix various dumb issues
12 years ago
aafc1f7857
Make sure alias package have a repo instance set
12 years ago
41c7432fef
Do not fetch from repo for packages that obviously can not be there
12 years ago
c0e5736ae7
Add support for one-file-per-provider composer repositories
12 years ago
fde3477563
Report issues in HgDriver as well
12 years ago
08670e7666
Report errors properly when git driver fails to write in the cache, refs #482
12 years ago
116b822953
Fix loop and add missing options
12 years ago
1d80720405
Add retries and failover of all jsons to cache even if the main one worked
12 years ago
fb296972ef
Enable https for packagist when possible
12 years ago
b3077bc4bc
Merge pull request #1177 from sandermarechal/stream-context
...
Allow setting stream context options
12 years ago
6cf860669f
Add repository stream context options
...
Add support for passing stream context options to the
StreamContextFactory. This allows support for SSH keyfiles, SSL
certificates and much more. Example:
{
"repositories": [
{
"type": "composer",
"url": "ssh2.sftp://host:22/path/to/packages.json",
"options": {
"ssh2": {
"username": "composer",
"pubkey_file": "/path/to/composer.key.pub",
"privkey_file": "/path/to/composer.key"
}
}
}
]
}
12 years ago
e188f69a0f
Merge remote-tracking branch 'origin/master'
12 years ago
4998bab944
Show warning if the svn binary is missing
12 years ago
4799053ca9
Allow dot in URL scheme
...
This makes it possible to support SSH2 urls, like ssh2.scp://
See: http://www.php.net/manual/en/wrappers.ssh2.php
12 years ago
5201564c0f
Added support for hg bookmarks
12 years ago
4772db1460
Add missing `use` in HgDriver
...
Closes #1165
12 years ago
6bd7ca0230
Fix typos and simplify code
12 years ago
35245eb817
Add support for local urls and better error reporting to HgDriver
12 years ago
c14826dd1e
Fix exception handling when loading repos
12 years ago
fe4516aff8
Clarify exception messages when a package can not be loaded from a composer repository, fixes #1070
12 years ago
57d1b5a37d
Issue #1056 . Fixed callback call error on search command.
12 years ago
00361e0087
Fixed tests
12 years ago
d1a452b00b
Made repoConfig available for the VcsDriver to be able to provide additional configuration options easily.
12 years ago
781e0d4f55
Add detection of gitolite user for git repos
12 years ago
803178d28f
CS fixes for #1038
12 years ago
560d6daccf
Using separate variable for URL parts
12 years ago
841efc98a6
Appending 'packages.json' only if not present in URL
12 years ago
93628c42d8
Add support for alternative structures
12 years ago
Jordi Boggiano
Eric Daspet
Chris Smith
Christoph
Raphael Kallensee
Igor Wiedler
Martin Hasoň
Bilal Amarni
Pascal Borreli
Chris Smith
Wes Mason
Thomas Adam
Sander Marechal
Zsolt Szeberenyi
Joseph Bielawski
Povilas Balzaravicius Pawka
bboer
Christoph Hochstrasser