Fetch composer binary from HTTPS-only

[shakaran]

cap symfony:composer:get fails to get composer file

  * 2015-04-26 23:29:58 executing `symfony:composer:get'
  * executing "if [ -e /home/user/public/releases/20150426232955/composer.phar ]; then echo 'true'; fi"
    servers: ["mydomain.com"]
    [mydomain.com] executing command
    command finished in 121ms
--> Downloading Composer
  * executing "sh -c 'cd /home/user/public/releases/20150426232955 && curl -s http://getcomposer.org/installer | php'"
    servers: ["mydomain.com"]
    [mydomain.com] executing command
 ** [out :: mydomain.com] <html>
 ** [out :: mydomain.com] <head><title>302 Found</title></head>
 ** [out :: mydomain.com] <body bgcolor="white">
 ** [out :: mydomain.com] <center><h1>302 Found</h1></center>
 ** [out :: mydomain.com] <hr><center>nginx</center>
 ** [out :: mydomain.com] </body>
 ** [out :: mydomain.com] </html>
    command finished in 170ms

Check composer/composer#3047

We need https only, so:

curl -sS https://getcomposer.org/installer | php

This pull request just simply add the -S param running this sed command:

sed -i "s@curl -s http://getcomposer.org@curl -sS https://getcomposer.org@g" lib/symfony2/symfony.rb spec/capifony_symfony2_symfony_spec.rb

[eps90]

I think this issue is urgent and it should be merged asap. I've checked your solution and it works. What do you think about adding -L option to curl to prevent such problems in future?

[hco]

Having the same issue.

[npanasenko]

Confirmed, Please merge asap

[ppawlakov]

👍

[SylvG]

👍

[HitoTech]

👍

[tyx]

👍

[hco]

Just in case one of you needs a hotfix, for us adding the following to our capfile worked:

# symfony:composer:get
namespace :symfony do
  namespace :composer do
    desc "Gets composer and installs it"
    task :get, :roles => :app, :except => { :no_release => true } do
      install_options = ''
      unless composer_version.empty?
        install_options += " -- --version=#{composer_version}"
      end

      if use_composer_tmp
        # Because we always install to temp location we assume that we download composer every time.
        logger.debug "Downloading composer to #{$temp_destination}"
        capifony_pretty_print "--> Downloading Composer to temp location"
        run_locally "cd #{$temp_destination} && curl -sSL https://getcomposer.org/installer | #{php_bin}#{install_options}"
      else
        if !remote_file_exists?("#{latest_release}/composer.phar")
          capifony_pretty_print "--> Downloading Composer"

          run "#{try_sudo} sh -c 'cd #{latest_release} && curl -sSL https://getcomposer.org/installer | #{php_bin}#{install_options}'"
        else
          capifony_pretty_print "--> Updating Composer"

          run "#{try_sudo} sh -c 'cd #{latest_release} && #{php_bin} composer.phar self-update #{composer_version}'" \
        end
      end
      capifony_puts_ok
    end
  end
end

I don't really know ruby, so i might have made the world explode with that patch :-)

[lenybernard]

👍

[matejvelikonja]

+1 for the -L option

[ke20]

Same issue +1

[adam187]

+1

My quick fix was installing composer globally on server and set up set :composer_bin path.

[tuscanicz]

👍

[eps90]

@hco I did the same but without -L option - works :)

[garak]

👍

[dupuchba]

@everzet can you merge it plz ?

[chapa]

@dupuchba +1

[edhgoose]

If you're able to modify the gems directly, I found the easiest hotfix was to run the command in @shakaran's PR in the location of capifony. If you want to find that location, I found running gem environment on my machine, that it was in one of the Gem Paths listed.

Command repeated here:

sed -i "s@curl -s http://getcomposer.org@curl -sS https://getcomposer.org@g" lib/symfony2/symfony.rb spec/capifony_symfony2_symfony_spec.rb

[solilokiam]

👍

[Seldaek]

I fixed the server config to allow static files access over http again so y'all can get back to work, but this definitely should be merged.

[alcaeus]

Thank you @Seldaek. 👍

[dupuchba]

@Seldaek 👍 (between who has the credentials to merge? )

[hco]

As we got several workarounds,and @Seldaek made those workarounds not necessary at the moment, let's all just sit back and give @everzet some time to merge this.

I assume that he doesn't need any more "+1"s to understand that this has to be fixed :-)

[alsar]

As already mentioned you can use composer globaly on the server:
set :composer_bin, "/usr/local/bin/composer"

[willdurand]

Ok ok, thanks for the fix. New release is on its way.

[willdurand]

v2.8.5 is out!

[shakaran]

@eps90 see #573 for add -L as you suggested

[dupuchba]

👍 nice :-)

[szabogyula]

👍