Improve composer installer on darwin

- Check to signature. - Add error handling.
2024-10-18 20:20:14 +07:00 · 2019-09-25 11:55:40 +09:00 · 2019-09-25 11:55:40 +09:00 · a0b0e58cb3
commit a0b0e58cb3
parent c6f956927a
1 changed files with 18 additions and 4 deletions
--- a/src/darwin.sh
+++ b/src/darwin.sh
@ -6,9 +6,23 @@ ini_file=$(php --ini | grep "Loaded Configuration" | sed -e "s|.*:s*||" | sed "s
 ext_dir=$(/usr/bin/php -i | grep "extension_dir => /usr" | sed -e "s|.*=> s*||")
 sudo chmod 777 "$ini_file"
 mkdir -p "$(pecl config-get ext_dir)"
-curl -sS https://getcomposer.org/installer | php
-chmod +x composer.phar
-mv composer.phar /usr/local/bin/composer
+if [ ! -e "/usr/bin/composer" ]; then
+	EXPECTED_SIGNATURE="$(curl -s https://composer.github.io/installer.sig)"
+	curl -s -L https://getcomposer.org/installer > composer-setup.php
+	ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")"
+
+	if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then
+		>&2 echo 'ERROR: Invalid installer signature'
+		rm composer-setup.php
+		exit 1
+	fi
+
+	COMPOSER_ALLOW_SUPERUSER=1
+	sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
+	RESULT=$?
+	rm composer-setup.php
+	exit $RESULT
+fi
 composer global require hirak/prestissimo
 php -v
-composer -V
+composer -V