Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.Problem/Motivation
After install the 2.7 version we have the issue "HTTPS must be enabled for Composer downloads." How we see the issue appears on ComposerSettingsValidator.php in Version 2.6 it was working. The problem the $setting is now converted to int, the getConfig returns a "true" so is converted wrong and the check on setting !== 1 is not working.
Steps to reproduce
In version 2.7 the check was written like bellow
public function validateStagePreOperation(PreOperationStageEvent $event): void {
$dir = $this->pathLocator->getProjectRoot();
try {
$setting = (int) $this->inspector->getConfig('secure-http', $dir);
}
catch (\Exception $exception) {
$event->addErrorFromThrowable($exception, $this->t('Unable to determine Composer secure-http setting.'));
return;
}
if ($setting !== 1) {
$event->addError([
$this->t('HTTPS must be enabled for Composer downloads. See <a href=":url">the Composer documentation</a> for more information.', [
':url' => 'https://getcomposer.org/doc/06-config.md#secure-http',
]),
]);
}
}
In version 2.6 the check was written like bellow
public function validateStagePreOperation(PreOperationStageEvent $event): void {
$config = $event->getStage()
->getActiveComposer()
->getComposer()
->getConfig();
if ($config->get('secure-http') !== TRUE) {
$event->addError([
$this->t('HTTPS must be enabled for Composer downloads. See <a href=":url">the Composer documentation</a> for more information.', [
':url' => 'https://getcomposer.org/doc/06-config.md#secure-http',
]),
]);
}
}
Proposed resolution
Change the getConfig and return correct the true / false or change the check "if ($setting !== 1) {"
Remaining tasks
User interface changes
API changes
Data model changes
Issue fork automatic_updates-3354827
Show commands
Start within a Git clone of the project using the version control instructions.
Or, if you do not have SSH keys set up on git.drupalcode.org:
changes
Comments
Comment #2
wim leersThis is due to a change in Composer 2.5.5. See #3351594: As of Composer 2.5.5, `composer config` JSON-encodes boolean values.
For now, the best work-around is to stay on composer <=2.5.4.
Comment #3
cola commentedHi Wim Leers, we use Composer Version: 2.5.4 2023-02-15 13:10:06
Comment #4
wim leersAh 😅 Weird that this is only reported now then, so many months after release. But not impossible.
We're actively working on the
3.xbranch though, so I'm not sure if we'll fix this any time soon. Will ping @tedbow.Comment #5
cola commentedWe use right now version 2.6 which is working with this composer version!
Comment #6
wim leersHm … how sure are you that it really is version 2.5.4 that is being used? 😅 Any chance there's 2 different Composers installed? 🤓
Opened #3354914: Package Manager should have status report entry to inform user of Composer version being used to make it easier in the future to have 100% confidence about the Composer version being used.
Comment #7
tedbow@cola I think the solution would be to backport #3351594: As of Composer 2.5.5, `composer config` JSON-encodes boolean values(tests and all). Right now I don't know how different
ComposerInspectoris but if they are not that different it might now be hard.It seems like you should be only hitting this if you are on Composer 2.5.5 but regardless people will start to hit this on 8.x-2.x as they upgrade.
re #4
Our scrum team is working on 3.x but @cola if you wanted to backport this we could review and commit.
Backporting at least would tell you if it fixes your problem
Comment #8
cola commented@wim-leers youre right, drupal / symfony execute it with 2.5.5 2023-03-21 11:50:05
@tedbow would be nice if you can backport it on 2.x version
Comment #9
wim leers@cola: thanks for checking! 🙏
We need to favor project velocity right now, so if you could downgrade to Composer 2.5.4 for now, that'd be wonderful 🤞
Comment #10
cola commented@wim-leers we cannot downgrade it, another dependency on this version :) but we will use the release 2.6 with this version is working!
Comment #11
wim leersHuh! Is there something that requires Composer 2.5.5 on your system? What could that be? 🤔 Fascinating! 🤓
Comment #12
tedbowWe can review and commit any work done on this issue to backport #3351594: As of Composer 2.5.5, `composer config` JSON-encodes boolean values to 2.x.
Comment #13
tedbowComment #14
tedbow@yash.rode, could backport the fix in #3351594: As of Composer 2.5.5, `composer config` JSON-encodes boolean values from the 3.0.x branch to the 8.x-2.x branch? I should hopefully just be bringing the changes from this commit https://git.drupalcode.org/project/automatic_updates/-/commit/1f8516c0a2...
Comment #17
yash.rode commentedComment #21
yash.rode commentedComment #23
yash.rode commentedOnce the blocker is in MR 861 will also start passing.
Comment #24
tedbowComment #25
yash.rode commentedwaiting for tests to pass, once it is green can be reviewed.
Comment #26
yash.rode commentedBlocker is in!
Comment #27
wim leersComment #29
tedbow@yash.rode, @Wim Leers thanks for getting this and the blockers fixed!
@cola if this is still an issue for you please let us know if it fixes it for you
Comment #30
tedbow