Allow setting stream context options #1177

Merged
merged 6 commits into from Oct 4, 2012

Contributor

sandermarechal commented Oct 3, 2012

These changes allow setting stream context options in a repository definition. This allows all kinds of nifty things, like hosting composer repositories on SSH, using SSL client certificates.

Example: Hosting private composer repository on SSH (requires SSH2 PECL extension)

{
    "repositories": [
        {
            "type": "composer",
            "url": "ssh2.sftp://myserver:22/path/to/packages.json",
            "options": {
                "ssh2": {
                    "username": "composer",
                    "pubkey_file": "/path/to/composer.key.pub",
                    "privkey_file": "/path/to/composer.key"
                }
            }
        }
    ]
}

Example: SSL client certificate

{
    "repositories": [
        {
            "type": "composer",
            "url": "https://myserver",
            "options": {
                "ssl": { "local_cert": "/path/to/composer.pem" }
            }
        }
    ]
}

This also fixes #777

sandermarechal added some commits Oct 3, 2012

@sandermarechal sandermarechal Allow dot in URL scheme
This makes it possible to support SSH2 urls, like ssh2.scp://
See: http://www.php.net/manual/en/wrappers.ssh2.php
4799053
@sandermarechal sandermarechal Add repository stream context options
Add support for passing stream context options to the
StreamContextFactory. This allows support for SSH keyfiles, SSL
certificates and much more. Example:

{
    "repositories": [
        {
            "type": "composer",
            "url": "ssh2.sftp://host:22/path/to/packages.json",
            "options": {
                "ssh2": {
                    "username": "composer",
                    "pubkey_file": "/path/to/composer.key.pub",
                    "privkey_file": "/path/to/composer.key"
                }
            }
        }
    ]
}
6cf8606
@sandermarechal sandermarechal Unittest for stream options 748c476
Owner

Seldaek commented Oct 3, 2012

Pretty cool but could you please document this as well? A new block about securing the repository in http://getcomposer.org/doc/articles/handling-private-packages-with-satis.md would be neat.

@stof stof and 1 other commented on an outdated diff Oct 3, 2012

tests/Composer/Test/Util/RemoteFilesystemTest.php
@@ -102,9 +119,9 @@ public function testCopy()
unlink($file);
}
- protected function callGetOptionsForUrl($io, array $args = array())
+ protected function callGetOptionsForUrl($io, array $options = array(), array $args = array())
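Review bot: In `callGetOptionsForUrl`, the new `$options` parameter is inserted ahead of `$args`, which changes what the second positional argument means; a call that passes `$args` in that position would now supply it as `$options` without any error. Appending it instead, as in `callGetOptionsForUrl($io, array $args = array(), array $options = array())`, keeps existing calls valid and lets tests that need no stream options omit it.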
@stof

stof Oct 3, 2012

Contributor

Putting the options at the end would allow you to omit them for most tests as they don't need them, instead of having to pass an empty array each time :)

@sandermarechal

sandermarechal Oct 3, 2012

Contributor

Fixed.

@stof stof and 1 other commented on an outdated diff Oct 3, 2012

src/Composer/Util/RemoteFilesystem.php
@@ -241,6 +243,8 @@ protected function getOptionsForUrl($originUrl)
$options['http']['header'] .= "Authorization: Basic $authStr\r\n";
}
+ $options = array_merge_recursive($options, $this->options);
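Review bot: The merge on the added line runs after `$options['http']['header']` has had the `Authorization: Basic` line appended, so a repository-supplied `http.header` collides with the computed one: `array_merge_recursive` turns the two strings into an array, and a plain recursive replace would drop the Authorization line in favour of the repository value. Merge `$this->options` before the header is appended, or combine the header entries explicitly, and add a test that sets `http.header` in the repository options.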
@stof

stof Oct 3, 2012

Contributor

As the options are an associative array, you should use array_replace_recursive to avoid weird behaviors:

array_merge_recursive(
    array('http' => array('header' => 'foo')),
    array('http' => array('header' => 'bar'))
)
===
array('http' => array('header' => array('foo', 'bar')));
@sandermarechal

sandermarechal Oct 3, 2012

Contributor

Whoops. Good catch. Fixed.
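The merge behaviour discussed in this review thread, as an added example that is not part of the pull request or Composer's code. It compares both PHP functions on stream context options and adds a header-aware variant. `mergeContextOptions()` is a hypothetical helper, and all option values are constructed.

```php
<?php
// Added example, not Composer's code. All values below are constructed.

// Defaults as a downloader might build them before repository options apply.
$defaults = array(
    'http' => array(
        'timeout' => 60,
        'header'  => "User-Agent: example\r\n"
                   . "Authorization: Basic " . base64_encode('user:pass') . "\r\n",
    ),
);

// An "options" block as it could appear in a repository definition.
$repoOptions = array(
    'http' => array('timeout' => 10, 'header' => "X-Client: build-01\r\n"),
    'ssl'  => array('local_cert' => '/path/to/composer.pem'),
);

// array_merge_recursive: values under the same string key are collected
// into a list, so 'timeout' and 'header' are no longer scalars.
$merged = array_merge_recursive($defaults, $repoOptions);

// array_replace_recursive: scalars stay scalars, but the later value wins,
// so the repository's header replaces the one carrying Authorization.
$replaced = array_replace_recursive($defaults, $repoOptions);

// Hypothetical helper: replace semantics for everything except
// http.header, whose lines from both sides are concatenated.
function mergeContextOptions(array $defaults, array $extra)
{
    $headers = '';
    foreach (array($defaults, $extra) as $set) {
        if (isset($set['http']['header'])) {
            $h = $set['http']['header'];
            $h = is_array($h) ? implode("\r\n", $h) : $h;
            $headers .= rtrim($h, "\r\n") . "\r\n";
        }
    }
    $result = array_replace_recursive($defaults, $extra);
    if ($headers !== '') {
        $result['http']['header'] = $headers;
    }
    return $result;
}

var_export($merged['http']);
var_export($replaced['http']);
var_export(mergeContextOptions($defaults, $repoOptions));
```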

Contributor

sandermarechal commented Oct 3, 2012

I have fixed the things @stof pointed out and added documentation.

Seldaek merged commit b3077bc into composer:master Oct 4, 2012

Owner

Seldaek commented Oct 4, 2012

Thanks, merged. It'd still be cool to have a bit more docs I guess in terms of how to set up client certificate verification on the server etc, but that's more advanced cookbook stuff that can come later..

Contributor

sandermarechal commented Oct 4, 2012

I think that would be better, yes. When you go that far it also matters what kind of code repository you have for your setup. I'm planning to write an article on using a private composer + svn over SSH using passwordless keys.

Thanks for merging! Any idea how long it takes for this to appear in the main composer release? Then I know when I can start rolling out composer in our company (we really needed this).

Contributor

stof commented Oct 4, 2012

@sandermarechal simply run composer self-update and you will have it. The phar is built after each commit to the master branch.

@ghost

ghost commented Oct 7, 2012

@sandermarechal maybe as a start we could link to http://phpsecurity.readthedocs.org/en/latest/Transport-Layer-Security-%28HTTPS-SSL-and-TLS%29.html#php-streams which I guess describes SSL context options quite well, right?
