Skip to content
This repository has been archived by the owner on Mar 13, 2019. It is now read-only.

Hash installer verifying error #68

Closed
fdiasr opened this issue May 11, 2016 · 2 comments
Closed

Hash installer verifying error #68

fdiasr opened this issue May 11, 2016 · 2 comments

Comments

@fdiasr
Copy link

fdiasr commented May 11, 2016

Composer installer was updated, so using repository outdated code I had an error message : "Invalid installer". I checked base/Dockerfile validation use SHA hardcoded.

Is not a good idea using installer.sig for it ?

Something like:

RUN export COMPOSER_INSTALLER_SHA384=$(curl https://composer.github.io/installer.sig) \
  && php -r "readfile('https://getcomposer.org/installer');" > /tmp/composer-setup.php \
  && php -r "if (hash('SHA384', file_get_contents('/tmp/composer-setup.php')) !== '${COMPOSER_INSTALLER_SHA384}') { unlink('/tmp/composer-setup.php'); echo 'Invalid installer' . PHP_EOL; exit(1); }"
@RobLoach
Copy link
Owner

Didn't know https://composer.github.io/installer.sig existed! Good call.... I'll push up a PR. Mind taking a look once it's up?

@RobLoach RobLoach mentioned this issue May 11, 2016
Merged
@fdiasr
Copy link
Author

fdiasr commented May 11, 2016

👍

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@RobLoach @fdiasr