Skip to content


Subversion checkout URL

You can clone with
Download ZIP


Full /tmp partition causes Composer to throw misleading RepositorySecurityException #2542

jurajseffer opened this Issue · 0 comments

1 participant


I had trouble updating using Composer after I debugged some PHP script using xdebug that created large dump files in /tmp. I didn't notice /tmp ran out of space. Composer wouldn't update, throwing this exception:

  The contents of$821114bc76b28c493b9495a9421ce57b656fc68f59dd2b94a649a86bc098714a.json do not match its signature. This should indicate a man-in-the-middle  
   attack. Try running composer again and report this if you think it is a mistake.                                                                                                                   

After downloading the latest Composer source code from Github, clearing the cache and commenting out the exception, Composer complained about none of the projects I had in my composer.json file could be found. I assume it fails to save the list of available packages from public and private repositories but should not fail with a security exception as that's very misleading. After I've cleaned up /tmp, Composer worked as usual.

To replicate it, I just copied a large file into my /tmp until it ran out of space.

I'd like to see a "out of disk space" exception for temporary storage.

@Seldaek Seldaek closed this in #3207
@pjcdawkins pjcdawkins referenced this issue in platformsh/platformsh-cli

Composer\Repository\RepositorySecurityException #162

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.