CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added composer installer signature check according to official docs: https://getcomposer.org/doc/faqs/how-to-install-composer-programmatically.md

This commit is contained in:
DerDummePunkt 2018-03-10 10:53:21 +01:00
parent be1716a0e1
commit 91598d8863
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfile
View File

@ -47,7 +47,15 @@ RUN apt-get update \
&& docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \ && docker-php-ext-install -j4 $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \ && docker-php-ext-enable $PHP_EXTENSIONS $PECL_PASSBOLT_EXTENSIONS \
&& docker-php-source delete \ && docker-php-source delete \
&& curl -sS https://getcomposer.org/installer | php \ && EXPECTED_SIGNATURE=$(curl -s https://composer.github.io/installer.sig) \
&& php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" \
&& ACTUAL_SIGNATURE=$(php -r "echo hash_file('SHA384', 'composer-setup.php');") \
&& if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]; then \
>&2 echo 'ERROR: Invalid installer signature'; \
rm composer-setup.php; \
exit 1; \
fi \
&& php composer-setup.php \
&& mv composer.phar /usr/local/bin/composer \ && mv composer.phar /usr/local/bin/composer \
&& curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \ && curl -sSL $PASSBOLT_URL | tar zxf - -C . --strip-components 1 \
&& composer install -n --no-dev --optimize-autoloader \ && composer install -n --no-dev --optimize-autoloader \