Problem/Motivation

Right now, ComposerSettingsValidator invokes the Composer API to get the secure-http config value. Therefore, it relies on the presence of the Composer API, which is something we're hoping to move away from.

Proposed resolution

Extract the value of the secure-http config value by running composer config secure-http and parsing the output.

Issue fork automatic_updates-3316668

Command icon Show commands

Start within a Git clone of the project using the version control instructions.

Or, if you do not have SSH keys set up on git.drupalcode.org:

About issue forks

Comments

phenaproxima created an issue. See original summary.

phenaproxima opened merge request !551

phenaproxima’s picture

phenaproxima
he/him
Primary language English
Location Massachusetts
commented
Status: Active » Needs review

phenaproxima opened merge request !567

phenaproxima closed merge request !551

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Needs review » Needs work
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Issue tags: +core-mvp
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: Unassigned » traviscarden
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Issue tags: +sprint
traviscarden’s picture

traviscarden commented
Assigned: traviscarden » Unassigned
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Assigned: Unassigned » tedbow

@tedbow @TravisCarden On November 14, this was assigned to Travis for <4 hours. Without context as to why it was assigned to him, nor why it was unassigned. Can we please get clarity on this? 🙏

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: tedbow » Unassigned

#11 not sure why now 😔

There are no MR comments awaiting replies from @TravisCarden. He made some suggestions on the issue but I think others could implement this.

wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Component: Code » Package Manager
Issue tags: +Composer, +Security improvements

#12: k, thanks!

I think this qualifies as a security improvement because it makes it less likely that PM/AU will reach the wrong conclusion if composer's configuration structure changes in the future: composer config secure-http SHOULD provide BC.

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: Unassigned » tedbow
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Issue tags: +Needs tests

We need a test on ComposerInspector at least. I haven't checked further

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Related issues: +#3320792: Make build tests fail 1) more explicitly, 2) earlier when possible (failing StatusCheckEvent subscribers)

Not blocking on #3320792: Make build tests fail 1) more explicitly, 2) earlier when possible (failing StatusCheckEvent subscribers) but I have brought in a change from there because it makes debugging build tests easier.

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: tedbow » Unassigned

Going to stop working on this so I can get some of the other child issues of #3316368: Remove our runtime dependency on composer/composer: remove ComposerUtility

Anyone else can review my work and try to get these tests passing

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Priority: Normal » Major
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: Unassigned » tedbow

I still trying to get the test to pass

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Assigned: tedbow » Unassigned

Tests are passing. I brought in some changes from 3320792-build-status-report that need to be removed. Also add a couple other comments on the MR

yash.rode’s picture

yash.rode commented
Assigned: Unassigned » yash.rode
yash.rode’s picture

yash.rode commented
Assigned: yash.rode » Unassigned
Status: Needs work » Needs review
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Assigned: Unassigned » yash.rode
Status: Needs review » Needs work

12 remarks in MR, ~50% of which are nits. But there definitely are more tests to be written still! 😊

yash.rode’s picture

yash.rode commented
Assigned: yash.rode » wim leers
Status: Needs work » Needs review
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Assigned: wim leers » Unassigned
Status: Needs review » Needs work
Issue tags: -Needs tests

Almost there!

Needs work for a bit of missing test coverage plus a formatting nit.

I left two questions on the merge request for @tedbow that you don't have to address, @yash.rode.

yash.rode’s picture

yash.rode commented
Assigned: Unassigned » wim leers
Status: Needs work » Needs review
wim leers’s picture

wim leers
Location Ghent 🇧🇪🇪🇺
commented
Assigned: wim leers » tedbow
Status: Needs review » Reviewed & tested by the community

For some reason your boo-far made me laugh out loud 🤣👍

RTBC — with two questions for @tedbow 😊

tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented

Because of #3337697: Custom commands fail for 7.4 I am going to run tests on 9.5 without code checks assuming if code checks are ok on 10.1 they are will be ok on 9.5. Also we aren't merging into 9.5 core

  • d1ca120e committed on 8.x-2.x 
    Issue #3316668 by tedbow, phenaproxima, yash.rode, Wim Leers,...
tedbow’s picture

tedbow
he/him
Primary language English
Location Ithaca, NY, USA
commented
Status: Reviewed & tested by the community » Fixed

🎉

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.