function SelfUpdateCommand::execute
Throws
Overrides Command::execute
File
-
vendor/
composer/ composer/ src/ Composer/ Command/ SelfUpdateCommand.php, line 78
Class
- SelfUpdateCommand
- @author Igor Wiedler <igor@wiedler.ch> @author Kevin Ran <kran@adobe.com> @author Jordi Boggiano <j.boggiano@seld.be>
Namespace
Composer\CommandCode
protected function execute(InputInterface $input, OutputInterface $output) : int {
if ($_SERVER['argv'][0] === 'Standard input code') {
return 1;
}
// trigger autoloading of a few classes which may be needed when verifying/swapping the phar file
// to ensure we do not try to load them from the new phar, see https://github.com/composer/composer/issues/10252
class_exists('Composer\\Util\\Platform');
class_exists('Composer\\Downloader\\FilesystemException');
$config = Factory::createConfig();
if ($config->get('disable-tls') === true) {
$baseUrl = 'http://' . self::HOMEPAGE;
}
else {
$baseUrl = 'https://' . self::HOMEPAGE;
}
$io = $this->getIO();
$httpDownloader = Factory::createHttpDownloader($io, $config);
$versionsUtil = new Versions($config, $httpDownloader);
// switch channel if requested
$requestedChannel = null;
foreach (Versions::CHANNELS as $channel) {
if ($input->getOption($channel)) {
$requestedChannel = $channel;
$versionsUtil->setChannel($channel, $io);
break;
}
}
if ($input->getOption('set-channel-only')) {
return 0;
}
$cacheDir = $config->get('cache-dir');
$rollbackDir = $config->get('data-dir');
$home = $config->get('home');
$localFilename = realpath($_SERVER['argv'][0]);
if (false === $localFilename) {
$localFilename = $_SERVER['argv'][0];
}
if ($input->getOption('update-keys')) {
$this->fetchKeys($io, $config);
return 0;
}
// ensure composer.phar location is accessible
if (!file_exists($localFilename)) {
throw new FilesystemException('Composer update failed: the "' . $localFilename . '" is not accessible');
}
// check if current dir is writable and if not try the cache dir from settings
$tmpDir = is_writable(dirname($localFilename)) ? dirname($localFilename) : $cacheDir;
// check for permissions in local filesystem before start connection process
if (!is_writable($tmpDir)) {
throw new FilesystemException('Composer update failed: the "' . $tmpDir . '" directory used to download the temp file could not be written');
}
// check if composer is running as the same user that owns the directory root, only if POSIX is defined and callable
if (function_exists('posix_getpwuid') && function_exists('posix_geteuid')) {
$composerUser = posix_getpwuid(posix_geteuid());
$homeDirOwnerId = fileowner($home);
if (is_array($composerUser) && $homeDirOwnerId !== false) {
$homeOwner = posix_getpwuid($homeDirOwnerId);
if (is_array($homeOwner) && $composerUser['name'] !== $homeOwner['name']) {
$io->writeError('<warning>You are running Composer as "' . $composerUser['name'] . '", while "' . $home . '" is owned by "' . $homeOwner['name'] . '"</warning>');
}
}
}
if ($input->getOption('rollback')) {
return $this->rollback($output, $rollbackDir, $localFilename);
}
if ($input->getArgument('command') === 'self' && $input->getArgument('version') === 'update') {
$input->setArgument('version', null);
}
$latest = $versionsUtil->getLatest();
$latestStable = $versionsUtil->getLatest('stable');
try {
$latestPreview = $versionsUtil->getLatest('preview');
} catch (\UnexpectedValueException $e) {
$latestPreview = $latestStable;
}
$latestVersion = $latest['version'];
$updateVersion = $input->getArgument('version') ?? $latestVersion;
$currentMajorVersion = Preg::replace('{^(\\d+).*}', '$1', Composer::getVersion());
$updateMajorVersion = Preg::replace('{^(\\d+).*}', '$1', $updateVersion);
$previewMajorVersion = Preg::replace('{^(\\d+).*}', '$1', $latestPreview['version']);
if ($versionsUtil->getChannel() === 'stable' && null === $input->getArgument('version')) {
// if requesting stable channel and no specific version, avoid automatically upgrading to the next major
// simply output a warning that the next major stable is available and let users upgrade to it manually
if ($currentMajorVersion < $updateMajorVersion) {
$skippedVersion = $updateVersion;
$versionsUtil->setChannel($currentMajorVersion);
$latest = $versionsUtil->getLatest();
$latestStable = $versionsUtil->getLatest('stable');
$latestVersion = $latest['version'];
$updateVersion = $latestVersion;
$io->writeError('<warning>A new stable major version of Composer is available (' . $skippedVersion . '), run "composer self-update --' . $updateMajorVersion . '" to update to it. See also https://getcomposer.org/' . $updateMajorVersion . '</warning>');
}
elseif ($currentMajorVersion < $previewMajorVersion) {
// promote next major version if available in preview
$io->writeError('<warning>A preview release of the next major version of Composer is available (' . $latestPreview['version'] . '), run "composer self-update --preview" to give it a try. See also https://github.com/composer/composer/releases for changelogs.</warning>');
}
}
$effectiveChannel = $requestedChannel === null ? $versionsUtil->getChannel() : $requestedChannel;
if (is_numeric($effectiveChannel) && strpos($latestStable['version'], $effectiveChannel) !== 0) {
$io->writeError('<warning>Warning: You forced the install of ' . $latestVersion . ' via --' . $effectiveChannel . ', but ' . $latestStable['version'] . ' is the latest stable version. Updating to it via composer self-update --stable is recommended.</warning>');
}
if (isset($latest['eol'])) {
$io->writeError('<warning>Warning: Version ' . $latestVersion . ' is EOL / End of Life. ' . $latestStable['version'] . ' is the latest stable version. Updating to it via composer self-update --stable is recommended.</warning>');
}
if (Preg::isMatch('{^[0-9a-f]{40}$}', $updateVersion) && $updateVersion !== $latestVersion) {
$io->writeError('<error>You can not update to a specific SHA-1 as those phars are not available for download</error>');
return 1;
}
$channelString = $versionsUtil->getChannel();
if (is_numeric($channelString)) {
$channelString .= '.x';
}
if (Composer::VERSION === $updateVersion) {
$io->writeError(sprintf('<info>You are already using the latest available Composer version %s (%s channel).</info>', $updateVersion, $channelString));
// remove all backups except for the most recent, if any
if ($input->getOption('clean-backups')) {
$this->cleanBackups($rollbackDir, $this->getLastBackupVersion($rollbackDir));
}
return 0;
}
$tempFilename = $tmpDir . '/' . basename($localFilename, '.phar') . '-temp' . random_int(0, 10000000) . '.phar';
$backupFile = sprintf('%s/%s-%s%s', $rollbackDir, strtr(Composer::RELEASE_DATE, ' :', '_-'), Preg::replace('{^([0-9a-f]{7})[0-9a-f]{33}$}', '$1', Composer::VERSION), self::OLD_INSTALL_EXT);
$updatingToTag = !Preg::isMatch('{^[0-9a-f]{40}$}', $updateVersion);
$io->write(sprintf("Upgrading to version <info>%s</info> (%s channel).", $updateVersion, $channelString));
$remoteFilename = $baseUrl . ($updatingToTag ? "/download/{$updateVersion}/composer.phar" : '/composer.phar');
try {
$signature = $httpDownloader->get($remoteFilename . '.sig')
->getBody();
} catch (TransportException $e) {
if ($e->getStatusCode() === 404) {
throw new \InvalidArgumentException('Version "' . $updateVersion . '" could not be found.', 0, $e);
}
throw $e;
}
$io->writeError(' ', false);
$httpDownloader->copy($remoteFilename, $tempFilename);
$io->writeError('');
if (!file_exists($tempFilename) || null === $signature || '' === $signature) {
$io->writeError('<error>The download of the new composer version failed for an unexpected reason</error>');
return 1;
}
// verify phar signature
if (!extension_loaded('openssl') && $config->get('disable-tls')) {
$io->writeError('<warning>Skipping phar signature verification as you have disabled OpenSSL via config.disable-tls</warning>');
}
else {
if (!extension_loaded('openssl')) {
throw new \RuntimeException('The openssl extension is required for phar signatures to be verified but it is not available. ' . 'If you can not enable the openssl extension, you can disable this error, at your own risk, by setting the \'disable-tls\' option to true.');
}
$sigFile = 'file://' . $home . '/' . ($updatingToTag ? 'keys.tags.pub' : 'keys.dev.pub');
if (!file_exists($sigFile)) {
file_put_contents($home . '/keys.dev.pub', <<<DEVPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAnBDHjZS6e0ZMoK3xTD7f
FNCzlXjX/Aie2dit8QXA03pSrOTbaMnxON3hUL47Lz3g1SC6YJEMVHr0zYq4elWi
i3ecFEgzLcj+pZM5X6qWu2Ozz4vWx3JYo1/a/HYdOuW9e3lwS8VtS0AVJA+U8X0A
hZnBmGpltHhO8hPKHgkJtkTUxCheTcbqn4wGHl8Z2SediDcPTLwqezWKUfrYzu1f
o/j3WFwFs6GtK4wdYtiXr+yspBZHO3y1udf8eFFGcb2V3EaLOrtfur6XQVizjOuk
8lw5zzse1Qp/klHqbDRsjSzJ6iL6F4aynBc6Euqt/8ccNAIz0rLjLhOraeyj4eNn
8iokwMKiXpcrQLTKH+RH1JCuOVxQ436bJwbSsp1VwiqftPQieN+tzqy+EiHJJmGf
TBAbWcncicCk9q2md+AmhNbvHO4PWbbz9TzC7HJb460jyWeuMEvw3gNIpEo2jYa9
pMV6cVqnSa+wOc0D7pC9a6bne0bvLcm3S+w6I5iDB3lZsb3A9UtRiSP7aGSo7D72
8tC8+cIgZcI7k9vjvOqH+d7sdOU2yPCnRY6wFh62/g8bDnUpr56nZN1G89GwM4d4
r/TU7BQQIzsZgAiqOGXvVklIgAMiV0iucgf3rNBLjjeNEwNSTTG9F0CtQ+7JLwaE
wSEuAuRm+pRqi8BRnQ/GKUcCAwEAAQ==
-----END PUBLIC KEY-----
DEVPUBKEY
);
file_put_contents($home . '/keys.tags.pub', <<<TAGSPUBKEY
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0Vi/2K6apCVj76nCnCl2
MQUPdK+A9eqkYBacXo2wQBYmyVlXm2/n/ZsX6pCLYPQTHyr5jXbkQzBw8SKqPdlh
vA7NpbMeNCz7wP/AobvUXM8xQuXKbMDTY2uZ4O7sM+PfGbptKPBGLe8Z8d2sUnTO
bXtX6Lrj13wkRto7st/w/Yp33RHe9SlqkiiS4MsH1jBkcIkEHsRaveZzedUaxY0M
mba0uPhGUInpPzEHwrYqBBEtWvP97t2vtfx8I5qv28kh0Y6t+jnjL1Urid2iuQZf
noCMFIOu4vksK5HxJxxrN0GOmGmwVQjOOtxkwikNiotZGPR4KsVj8NnBrLX7oGuM
nQvGciiu+KoC2r3HDBrpDeBVdOWxDzT5R4iI0KoLzFh2pKqwbY+obNPS2bj+2dgJ
rV3V5Jjry42QOCBN3c88wU1PKftOLj2ECpewY6vnE478IipiEu7EAdK8Zwj2LmTr
RKQUSa9k7ggBkYZWAeO/2Ag0ey3g2bg7eqk+sHEq5ynIXd5lhv6tC5PBdHlWipDK
tl2IxiEnejnOmAzGVivE1YGduYBjN+mjxDVy8KGBrjnz1JPgAvgdwJ2dYw4Rsc/e
TzCFWGk/HM6a4f0IzBWbJ5ot0PIi4amk07IotBXDWwqDiQTwyuGCym5EqWQ2BD95
RGv89BPD+2DLnJysngsvVaUCAwEAAQ==
-----END PUBLIC KEY-----
TAGSPUBKEY
);
}
$pubkeyid = openssl_pkey_get_public($sigFile);
if (false === $pubkeyid) {
throw new \RuntimeException('Failed loading the public key from ' . $sigFile);
}
$algo = defined('OPENSSL_ALGO_SHA384') ? OPENSSL_ALGO_SHA384 : 'SHA384';
if (!in_array('sha384', array_map('strtolower', openssl_get_md_methods()), true)) {
throw new \RuntimeException('SHA384 is not supported by your openssl extension, could not verify the phar file integrity');
}
$signatureData = json_decode($signature, true);
$signatureSha384 = base64_decode($signatureData['sha384'], true);
if (false === $signatureSha384) {
throw new \RuntimeException('Failed loading the phar signature from ' . $remoteFilename . '.sig, got ' . $signature);
}
$verified = 1 === openssl_verify((string) file_get_contents($tempFilename), $signatureSha384, $pubkeyid, $algo);
// PHP 8 automatically frees the key instance and deprecates the function
if (\PHP_VERSION_ID < 80000) {
// @phpstan-ignore function.deprecated
openssl_free_key($pubkeyid);
}
if (!$verified) {
throw new \RuntimeException('The phar signature did not match the file you downloaded, this means your public keys are outdated or that the phar file is corrupt/has been modified');
}
}
// remove saved installations of composer
if ($input->getOption('clean-backups')) {
$this->cleanBackups($rollbackDir);
}
if (!$this->setLocalPhar($localFilename, $tempFilename, $backupFile)) {
@unlink($tempFilename);
return 1;
}
if (file_exists($backupFile)) {
$io->writeError(sprintf('Use <info>composer self-update --rollback</info> to return to version <comment>%s</comment>', Composer::VERSION));
}
else {
$io->writeError('<warning>A backup of the current version could not be written to ' . $backupFile . ', no rollback possible</warning>');
}
return 0;
}