我想将 Packagist 不可用的 PHP 库(至少在正式版本中不可用)添加到我的项目中。以下是我现在正在做的事情的一个例子:
{
"repositories": [
{
"type": "package",
"package": {
"name": "fpdf/fpdf",
"version": "1.81.0",
"dist": {
"type": "zip",
"url": "http://www.fpdf.org/en/dl.php?v=181&f=zip"
},
"autoload": {
"files": ["fpdf.php"]
}
}
}
],
"require": {
"fpdf/fpdf": "1.81.0"
},
"config": {
"secure-http": false
}
}
运行$ composer install会产生如下所示的composer.lock条目:
"packages": [
{
"name": "fpdf/fpdf",
"version": "1.81.0",
"dist": {
"type": "zip",
"url": "http://www.fpdf.org/en/dl.php?v=181&f=zip",
"reference": null,
"shasum": null
},
"type": "library",
"autoload": {
"files": [
"fpdf.php"
]
}
}
据我所知,没有可用于检查zip文件完整性的数据。(我错过了什么吗?
有没有办法为 Composer 在设置项目依赖项时使用的 zip 文件指定哈希?我想确保 zip 内容没有更改并且无法篡改。
{
"repositories": [
{
"type": "package",
"package": {
"name": "fpdf/fpdf",
"version": "1.81.0",
"dist": {
"type": "zip",
"url": "http://www.fpdf.org/en/dl.php?v=181&f=zip",
"shasum" :"f832b04a5158645330d29bdb7265652dbcb6e4c3"
},
"autoload": {
"files": ["fpdf.php"]
}
}
}
],
"require": {
"fpdf/fpdf": "1.81.0"
},
"config": {
"secure-http": false
}
}
您可以将 shasum 添加到存储库设置中,如果 shasum 不同,您将在 Composer 安装期间收到异常