From c6f956927a589e0634364069fcd1197893023947 Mon Sep 17 00:00:00 2001 From: Kentaro Ohkouchi Date: Wed, 25 Sep 2019 10:41:04 +0900 Subject: [PATCH] Improve composer installer - Check to signature. - Add error handling. - See Also https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md --- src/linux.sh | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/src/linux.sh b/src/linux.sh index f279e761..deec7dbc 100644 --- a/src/linux.sh +++ b/src/linux.sh @@ -13,13 +13,27 @@ if [ "$version" != "$1" ]; then fi if [ ! -e "/usr/bin/composer" ]; then - sudo curl -s https://getcomposer.org/installer | php; - sudo mv composer.phar /usr/local/bin/composer; + EXPECTED_SIGNATURE="$(curl -s https://composer.github.io/installer.sig)" + curl -s -L https://getcomposer.org/installer > composer-setup.php + ACTUAL_SIGNATURE="$(php -r "echo hash_file('sha384', 'composer-setup.php');")" + + if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then + >&2 echo 'ERROR: Invalid installer signature' + rm composer-setup.php + exit 1 + fi + + COMPOSER_ALLOW_SUPERUSER=1 + sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer + RESULT=$? + rm composer-setup.php + exit $RESULT fi + composer global require hirak/prestissimo > /dev/null 2>&1 ini_file=$(php --ini | grep "Loaded Configuration" | sed -e "s|.*:s*||" | sed "s/ //g") ext_dir=$(/usr/bin/php -i | grep "extension_dir => /usr" | sed -e "s|.*=> s*||") sudo chmod 777 "$ini_file" sudo mkdir -p /run/php php -v -composer -V \ No newline at end of file +composer -V