Commit 29a3764f authored by Vincent Petry's avatar Vincent Petry Committed by GitHub
Browse files

Merge pull request #26864 from owncloud/get-secure-composer

Get composer using more secure method
parents 3e9d2d56 48ba5be4
......@@ -75,7 +75,7 @@ clean: clean-composer-deps clean-nodejs-deps clean-js-deps clean-test-results cl
# Basic required tools
#
$(COMPOSER_BIN):
cd build && curl -sS https://getcomposer.org/installer | php
cd build && ./getcomposer.sh
#
# ownCloud core PHP dependencies
......
#!/bin/sh
# From https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md
EXPECTED_SIGNATURE=$(wget -q -O - https://composer.github.io/installer.sig)
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');")
if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
then
>&2 echo 'ERROR: downloaded composer installer hash does not equal the expected one.'
rm composer-setup.php
exit 1
fi
php composer-setup.php --quiet
RESULT=$?
rm composer-setup.php
exit $RESULT
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment