Incorrect SHA-384 on installation page
fabswt opened this issue
The download page currently lists this code:
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('sha384', 'composer-setup.php') === 'c5b9b6d368201a9db6f74e2611495f369991b72d9c8cbd3ffbc63edff210eb73d46ffbfce88669ad33695ef77dc76976') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
Mind the hash value.
However, install then fails with:
Installer corrupt
…
Could not open input file: composer-setup.php
The pubkeys page lists a different, correct, SHA-384 checksum:
e0012edf3e80b6978849f5eff0d4b4e4c79ff1609dd1e613307e16318854d24ae64f26d17af3ef0bf7cfb710ca74755a
Indeed, with this checksum, the installation does work.
P.S.: for anyone wanting to check the value manually themselves…
php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
shasum -a 384 composer-setup.php
Ah crap, sorry, forgot the last deploy step. Leaving this open until I figure out how to prevent this in the future. But the immediate problem is fixed.
Hi guys, I think the code on the web page is wrong again. The installer has this checksum ae780b40779de28dd3262fe1c98c300d1205bab809ef91d3d49756ad24917c2529b1250814e46414445c8e27c7327917. The page shows this 756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3.
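One way to catch the mismatch reported in this thread at deploy time, as an added example that is not part of the original issue or Composer's own tooling: compare the SHA-384 literal in the download page's snippet with the digest of the installer file about to be served. The function names, the file names and the assumption that the page source carries the snippet with unescaped quotes are all hypothetical.

```shell
#!/bin/sh
# Added example (not Composer's deploy tooling): fail a deploy when the SHA-384
# literal in the download page's snippet differs from the installer being served.

# Print the SHA-384 hex digest of file $1 with whichever tool is installed.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then sha384sum "$1"
    elif command -v shasum >/dev/null 2>&1; then shasum -a 384 "$1"
    else openssl dgst -sha384 -r "$1"
    fi | cut -d' ' -f1
}

# Print the hash the page's hash_file('sha384', ...) === '...' check expects.
# Prints nothing unless the page source $1 contains exactly one distinct value.
published_hash() {
    hashes=$(grep -oE "hash_file\('sha384', *'[^']+'\) *=== *'[0-9a-f]{96}'" "$1" \
        | grep -oE '[0-9a-f]{96}' | sort -u)
    count=$(printf '%s' "$hashes" | grep -c . || true)
    if [ "$count" -eq 1 ]; then printf '%s\n' "$hashes"; fi
}

# $1 = page source, $2 = installer file. 0 = match, 1 = mismatch, 2 = no hash.
check_published_hash() {
    expected=$(published_hash "$1")
    if [ -z "$expected" ]; then
        echo "FAIL: no single SHA-384 literal found in $1" >&2
        return 2
    fi
    actual=$(sha384_of "$2")
    if [ "$expected" != "$actual" ]; then
        echo "FAIL: page lists $expected, installer hashes to $actual" >&2
        return 1
    fi
    echo "OK: page hash matches installer"
}

# Demo on constructed files: a stand-in installer and a page quoting its hash.
demo() {
    dir=$(mktemp -d)
    printf '<?php // constructed stand-in installer\n' > "$dir/installer"
    printf "hash_file('sha384', 'composer-setup.php') === '%s'\n" \
        "$(sha384_of "$dir/installer")" > "$dir/download.html"
    check_published_hash "$dir/download.html" "$dir/installer"   # match
    echo '// new release' >> "$dir/installer"                     # page not redeployed
    check_published_hash "$dir/download.html" "$dir/installer"   # mismatch, returns 1
    rc=$?; rm -rf "$dir"; return "$rc"
}

case "${1:-}" in
    --demo) demo ;;
    ?*)     check_published_hash "$1" "$2" ;;
esac
```

Run with `--demo` to see both outcomes on constructed files, or pass a page source and an installer path to use the exit status as a deploy gate.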