diff options
author | Pol Dellaiera <pol.dellaiera@protonmail.com> | 2024-02-13 15:33:27 +0100 |
---|---|---|
committer | Pol Dellaiera <pol.dellaiera@protonmail.com> | 2024-03-05 19:39:35 +0100 |
commit | cf9e77ef8e6c7b903c7dd5b37d3753c65b3c6a13 (patch) | |
tree | 2dff728cb7bc228cc26cf335e50568d49730a2e6 | |
parent | 39502e7aa718377973117333caeafa38f5108ae8 (diff) |
phpPackages.composer: 2.6.6 -> 2.7.1
Diff: https://github.com/composer/composer/compare/2.6.6..2.7.1 Changelog: https://github.com/composer/composer/releases/tag/2.7.1 Fix CVE: CVE-2024-24821
-rw-r--r-- | pkgs/build-support/php/hooks/composer-install-hook.sh | 26 | ||||
-rw-r--r-- | pkgs/build-support/php/hooks/composer-repository-hook.sh | 2 | ||||
-rw-r--r-- | pkgs/development/php-packages/composer/default.nix | 33 |
3 files changed, 18 insertions, 43 deletions
diff --git a/pkgs/build-support/php/hooks/composer-install-hook.sh b/pkgs/build-support/php/hooks/composer-install-hook.sh index a84a9e3aa8628..f5c93a6e3d34e 100644 --- a/pkgs/build-support/php/hooks/composer-install-hook.sh +++ b/pkgs/build-support/php/hooks/composer-install-hook.sh @@ -83,28 +83,7 @@ composerInstallBuildHook() { # Since this file cannot be generated in the composer-repository-hook.sh # because the file contains hardcoded nix store paths, we generate it here. - composer-local-repo-plugin --no-ansi build-local-repo -m "${composerRepository}" . - - # Remove all the repositories of type "composer" and "vcs" - # from the composer.json file. - jq -r -c 'del(try .repositories[] | select(.type == "composer" or .type == "vcs"))' composer.json | sponge composer.json - - # Configure composer to disable packagist and avoid using the network. - composer config repo.packagist false - # Configure composer to use the local repository. - composer config repo.composer composer file://"$PWD"/packages.json - - # Since the composer.json file has been modified in the previous step, the - # composer.lock file needs to be updated. - composer \ - --lock \ - --no-ansi \ - --no-install \ - --no-interaction \ - ${composerNoDev:+--no-dev} \ - ${composerNoPlugins:+--no-plugins} \ - ${composerNoScripts:+--no-scripts} \ - update + composer-local-repo-plugin --no-ansi build-local-repo-lock -m "${composerRepository}" . echo "Finished composerInstallBuildHook" } @@ -151,9 +130,6 @@ composerInstallInstallHook() { ${composerNoScripts:+--no-scripts} \ install - # Remove packages.json, we don't need it in the store. - rm packages.json - # Copy the relevant files only in the store. mkdir -p "$out"/share/php/"${pname}" cp -r . "$out"/share/php/"${pname}"/ diff --git a/pkgs/build-support/php/hooks/composer-repository-hook.sh b/pkgs/build-support/php/hooks/composer-repository-hook.sh index bb3017bd98c9f..ffec58e552931 100644 --- a/pkgs/build-support/php/hooks/composer-repository-hook.sh +++ b/pkgs/build-support/php/hooks/composer-repository-hook.sh @@ -63,7 +63,7 @@ composerRepositoryBuildHook() { # Build the local composer repository # The command 'build-local-repo' is provided by the Composer plugin # nix-community/composer-local-repo-plugin. - composer-local-repo-plugin --no-ansi build-local-repo ${composerNoDev:+--no-dev} -r repository + composer-local-repo-plugin --no-ansi build-local-repo-lock ${composerNoDev:+--no-dev} -r repository echo "Finished composerRepositoryBuildHook" } diff --git a/pkgs/development/php-packages/composer/default.nix b/pkgs/development/php-packages/composer/default.nix index 8a626f46181a8..1f9a16b197bec 100644 --- a/pkgs/development/php-packages/composer/default.nix +++ b/pkgs/development/php-packages/composer/default.nix @@ -1,11 +1,22 @@ -{ lib, callPackage, fetchFromGitHub, fetchpatch, php, unzip, _7zz, xz, git, curl, cacert, makeBinaryWrapper }: +{ lib +, callPackage +, fetchFromGitHub +, php +, unzip +, _7zz +, xz +, git +, curl +, cacert +, makeBinaryWrapper +}: php.buildComposerProject (finalAttrs: { # Hash used by ../../../build-support/php/pkgs/composer-phar.nix to # use together with the version from this package to keep the # bootstrap phar file up-to-date together with the end user composer # package. - passthru.pharHash = "sha256-cmACAcc8fEshjxwFEbNthTeWPjaq+iRHV/UjCfiFsxQ="; + passthru.pharHash = "sha256-H/0L4/J+I3sa5H+ejyn5asf1CgvZ7vT4jNvpTdBL//A="; composer = callPackage ../../../build-support/php/pkgs/composer-phar.nix { inherit (finalAttrs) version; @@ -13,27 +24,15 @@ php.buildComposerProject (finalAttrs: { }; pname = "composer"; - version = "2.6.6"; + version = "2.7.1"; src = fetchFromGitHub { owner = "composer"; repo = "composer"; rev = finalAttrs.version; - hash = "sha256-KsTZi7dSlQcAxoen9rpofbptVdLYhK+bZeDSXQY7o5M="; + hash = "sha256-OThWqY3m/pIas4qvR/kiYgc/2QrAbnsYEOxpHxKhDfM="; }; - patches = [ - (fetchpatch { - name = "CVE-2024-24821.patch"; - url = "https://github.com/composer/composer/commit/77e3982918bc1d886843dc3d5e575e7e871b27b7.patch"; - hash = "sha256-Q7gkPLf59+p++DpfJZeOrAOiWePuGkdGYRaS/rK+Nv4="; - excludes = [ - # Skipping test files, they are not included in the source tarball - "tests/*" - ]; - }) - ]; - nativeBuildInputs = [ makeBinaryWrapper ]; postInstall = '' @@ -41,7 +40,7 @@ php.buildComposerProject (finalAttrs: { --prefix PATH : ${lib.makeBinPath [ _7zz cacert curl git unzip xz ]} ''; - vendorHash = "sha256-50M1yeAKl9KRsjs34cdb5ZTBFgbukgg0cMtHTYGJ/EM="; + vendorHash = "sha256-NJa6nu60HQeBJr7dd79ATptjcekgY35Jq9V40SrN9Ds"; meta = { changelog = "https://github.com/composer/composer/releases/tag/${finalAttrs.version}"; |