This repository has been archived by the owner on Mar 1, 2022. It is now read-only.

Switch to composer from pear for PHP dependencies #555

Closed
andreamlin opened this issue Jan 29, 2019 · 5 comments


andreamlin commented Jan 29, 2019

New images of artman won't build because it requires the pear util, whose server has been hacked and is now down.

failure log https://circleci.com/gh/googleapis/artman/8964

pear's website: http://pear.php.net/
arstechnica article: https://arstechnica.com/information-technology/2019/01/pear-php-site-breach-lets-hackers-slip-malware-into-official-download/

We can switch to composer instead of pear.


alexander-fenster commented Jan 29, 2019

Why me?

@michaelbausor asking you as a PHP lead :) So we've got this in our Dockerfile:

Step 24/37 : RUN pear install PHP_CodeSniffer-2.9.1   && curl -L https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/download/v2.2.7/php-cs-fixer.phar -o /usr/local/bin/php-cs-fixer   && chmod a+x /usr/local/bin/php-cs-fixer   && cd /
 ---> Running in 763fd770d982
No releases available for package "pear.php.net/PHP_CodeSniffer"
install failed
The command '/bin/sh -c pear install PHP_CodeSniffer-2.9.1   && curl -L https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/download/v2.2.7/php-cs-fixer.phar -o /usr/local/bin/php-cs-fixer   && chmod a+x /usr/local/bin/php-cs-fixer   && cd /' returned a non-zero code: 1
Exited with code 1

These commands are called from here:

artman/Dockerfile

Lines 129 to 132 in 5bcb888

RUN pear install PHP_CodeSniffer-2.9.1 \
&& curl -L https://github.com/FriendsOfPHP/PHP-CS-Fixer/releases/download/v2.2.7/php-cs-fixer.phar -o /usr/local/bin/php-cs-fixer \
&& chmod a+x /usr/local/bin/php-cs-fixer \
&& cd /

Do you know the correct way of fixing it?

Thanks!

@andreamlin

@alexander-fenster haha meant to just cc you

It's a blocker for me, so I'll look into it first. I asked Michael about using composer instead and that seems like a good alternative.

@michaelbausor

Another option that may be easier than using composer is to replace the pear install with a curl or wget to pull the .phar files from here: https://github.com/squizlabs/PHP_CodeSniffer/releases/tag/2.9.1. This is similar to the following three lines that pull in php-cs-fixer.

There are instructions here on using curl or wget: https://github.com/squizlabs/PHP_CodeSniffer#installation. To keep things exactly the same, we should grab the 2.9.1 release from GitHub.

That said, composer is totally fine too, whichever is easiest.
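
Added example, not part of the thread or of artman's Dockerfile: when a `.phar` is pulled with curl as suggested above, a build step can refuse to install it unless it matches a pinned SHA-256 digest. The helper names `sha256_of` and `install_verified` and the variables `PHPCS_URL` and `PHPCS_SHA256` are hypothetical; the digest must come from a copy you trust, and none is given on this page.

```shell
#!/bin/sh
# Added example: install a downloaded file only if it matches a pinned SHA-256.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST (mode 0755) only when the digest matches.
# Returns 0 on success, 1 on a missing file or a mismatch; DEST is not created then.
install_verified() {
    src=$1; expected=$2; dest=$3
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    actual=$(sha256_of "$src") || return 1
    # Normalise case so a digest pinned in uppercase hex still matches.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $src: got $actual, want $expected" >&2
        return 1
    fi
    # Write under a temporary name, then rename, so DEST is never half-written.
    tmp="$dest.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest"
}

# Usage in a build step (PHPCS_URL and PHPCS_SHA256 are placeholders to be set
# by the build; -f makes curl fail on an HTTP error instead of saving the error page):
#   curl -fsSL -o /tmp/phpcs.phar "$PHPCS_URL" \
#     && install_verified /tmp/phpcs.phar "$PHPCS_SHA256" /usr/local/bin/phpcs
```

Because the digest is fixed in the build definition, a replaced or tampered download fails the build instead of ending up in the image.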


andreamlin commented Jan 31, 2019

@michaelbausor, @alexander-fenster Looking at the artman code, it doesn't seem that phpcs is called anywhere. Can we just take out these deps? php isn't even a dep listed in the Dockerfile.

NOPE never mind

@andreamlin

Fixed in #557. Closing this.
