
fastbill / Tiny Composer Installer

Licence: MIT
Small, auditable Composer installer, well suited for automated environments.


Tiny Composer Installer

This is a small, simple and easily auditable tool that downloads Composer, checks its signature and saves it to an executable file. It is designed to be small enough to be committed into your project’s repository to safely bootstrap Composer, which is especially useful in a Dockerfile.

Give me the tl;dr.

As soon as you’ve downloaded tiny-composer-installer.php, run php tiny-composer-installer.php composer.phar to get the current stable version of Composer saved to composer.phar.

When you’re using a Dockerfile based on the official PHP images, you can do it like this:

COPY tiny-composer-installer.php ./

# If your USER is root, you can install Composer globally.
RUN php tiny-composer-installer.php /usr/local/bin/composer \
 && rm tiny-composer-installer.php

Requirements and limitations

  • We haven’t tested this tool in a lot of different environments yet. If it doesn’t work for you, please tell us. However, we don’t aim to support every possible environment.
  • allow_url_fopen and the OpenSSL extension need to be available/enabled.
  • You need PHP 5.3.2 to run Composer. Tiny Composer Installer doesn’t check for that. The installer itself requires at least PHP 5.2.

Installation

Get the latest version by simply downloading tiny-composer-installer.php from here. The version in master should always be production ready. As you’re supposed to read this file to trust it and then commit to your project’s repo, we don’t provide a suggestion to automate this.

Why do I want this?

  • You shouldn’t commit composer.phar to your repository. It’s about 2 MB, after all. Instead, you should fetch a current version of it when setting up or building the project.
  • You shouldn’t commit the original installer either. It changes less often, but it’s still 300 K in size.
  • Neither should you curl https://getcomposer.org/installer | php, because you are not checking the signature.
  • Fetching the signature from GitHub and then comparing the installer against it, as recommended in the official docs, is a possibility, but cumbersome. Also, if someone can tamper with the installer download file, they can most likely mess around with the SHA384 signature as well.

Wouldn’t it be nice if the installer wasn’t so large, so you could actually read it, understand it and commit a safe, audited version of it to your project’s repo? This is exactly what Tiny Composer Installer is designed for.

Security

  • This is less than 150 lines of PHP. If you’re not sure whether to trust it, read it. There are no classes or global variables. There aren’t many comments either, but that’s because it’s really rather self-explanatory.
  • Before the downloaded Composer PHAR is saved, its signature is checked: not simply against a SHA hash, but as a cryptographic signature verified with the public key of the Composer developers. That’s the same security check the original installer does.
  • About half of these 150 lines is error handling. We didn’t trade size for carelessness.
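
The verify-before-save pattern described in this list, as an added example that is not taken from tiny-composer-installer.php. The helper name save_if_signed, the throwaway key pair, the sample payloads and the choice of SHA-384 as digest are assumptions made so the script runs offline.

```php
<?php
// Added illustration, not the project's code. Key pair and payloads are
// constructed below so the script runs offline.

// Hypothetical helper: store $data at $dest only if $signature verifies
// against the pinned public key. Fails closed on every error.
function save_if_signed($data, $signature, $pinnedPem, $dest)
{
    $key = openssl_pkey_get_public($pinnedPem);
    if ($key === false) {
        return false;
    }
    // openssl_verify() returns 1 (valid), 0 (invalid), or -1/false (error).
    // Compare strictly with 1: -1 is truthy in PHP.
    // SHA-384 is an assumption made for this example.
    if (openssl_verify($data, $signature, $key, OPENSSL_ALGO_SHA384) !== 1) {
        return false;
    }
    // Write beside the destination, then rename, so no partial file
    // ever appears under the final name.
    $tmp = $dest . '.' . getmypid() . '.tmp';
    if (file_put_contents($tmp, $data) !== strlen($data)
        || !chmod($tmp, 0755)
        || !rename($tmp, $dest)) {
        @unlink($tmp);
        return false;
    }
    return true;
}

// Constructed demo data: a throwaway key pair stands in for the publisher's.
$private = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
$details = openssl_pkey_get_details($private);
$pinned = $details['key']; // PEM public key: the only part an installer embeds

$genuine = "<?php echo 'constructed stand-in for a downloaded PHAR';\n";
openssl_sign($genuine, $sig, $private, OPENSSL_ALGO_SHA384);
$tampered = $genuine . "// altered in transit\n";

$dest = tempnam(sys_get_temp_dir(), 'tci');
$accepted = save_if_signed($genuine, $sig, $pinned, $dest);
$rejected = !save_if_signed($tampered, $sig, $pinned, $dest);
$intact = file_get_contents($dest) === $genuine;
unlink($dest);

// Exit code 0 only when the genuine payload was saved and the altered one refused.
exit($accepted && $rejected && $intact ? 0 : 1);
```

Because the public key travels with the installer rather than with the download, an altered payload fails verification regardless of the channel that delivered it.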

Usage

You can pass a destination filename as a parameter. Please note that if the download and signature checks succeed, the file will be overwritten without asking. If you don’t supply a filename, a random one in your system’s temp directory will be generated.

Whether you supplied a parameter or not, when Tiny Composer Installer succeeds it will echo the destination filename to standard output and return with an exit code of zero. On error, stdout will be empty and a non-zero error code will be returned. This allows you to do something like this:

phar="$(php tiny-composer-installer.php)" && php "$phar" install && rm "$phar"

If that’s too fancy for you, this is how you install Composer globally to /usr/local/bin.

sudo php tiny-composer-installer.php /usr/local/bin/composer

FAQ

How did you get it so small?

  • The official installer contains a CA bundle for HTTPS connections. We rely on your system already having one. Actually, since we’re checking the signature against a hardcoded public key, we wouldn’t have to use HTTPS at all.
  • The official installer works in a lot of environments and therefore has many checks and fallbacks. We don’t. We assume that you’re using this in an automated toolchain and that you provide a suitable environment.