fixes

.gitlab-ci.yml

@@ -11,6 +11,7 @@ variables:
   DOCKER_DRIVER: overlay2
 
 build_branch:
+  stage: build
   image: docker.infra.flowdat.com/fd3/sf-php:latest
   script:
     - chmod 0600 keys/*

7_0/Dockerfile

@@ -2,11 +2,11 @@ FROM debian:9
 EXPOSE 8000
 # install app
 RUN apt-get update && apt-get install -yq python curl git wget vim tmux graphviz php-cli php-mysql php-curl php-amqplib php-xml php-zip build-essential unzip php-bcmath php-mbstring mysql-client php-dom php-soap php-snmp php-intl php-gmp libcurl3-dev
-# install composer
-RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-RUN php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-RUN php composer-setup.php --install-dir=/usr/local/bin --filename=composer
-RUN php -r "unlink('composer-setup.php');"
+
+## install composer
+ADD composer.sh /opt/composer.sh
+RUN chmod +x /opt/composer.sh ; ./opt/composer.sh
+
 # add keys ssh from hosts
 RUN mkdir ~/.ssh
 RUN ssh-keyscan -H -p 22  bitbucket.org >> ~/.ssh/known_hosts

7_0/composer.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ACTUAL_SIGNATURE="$(php -r "echo hash_file('SHA384', 'composer-setup.php');")"
+
+if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
+then
+    >&2 echo 'ERROR: Invalid installer signature'
+    rm composer-setup.php
+    exit 1
+fi
+
+php composer-setup.php --quiet --install-dir=/usr/local/bin --filename=composer
+RESULT=$?
+rm composer-setup.php
+exit $RESULT

7_1/Dockerfile

@@ -5,11 +5,11 @@ RUN apt-get update && apt-get install -yq wget apt-transport-https lsb-release c
 RUN wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
 RUN sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
 RUN apt-get update && apt-get install -yq python curl git wget vim tmux graphviz build-essential unzip mysql-client php7.1 php7.1-mysql php7.1-curl php7.1-xml php7.1-zip php7.1-bcmath php7.1-mbstring php7.1-dom php7.1-amqp php7.1-soap php7.1-snmp php7.1-intl php-gmp libcurl3-dev
+
 ## install composer
-RUN php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
-RUN php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
-RUN php composer-setup.php --install-dir=/usr/local/bin --filename=composer
-RUN php -r "unlink('composer-setup.php');"
+ADD composer.sh /opt/composer.sh
+RUN chmod +x /opt/composer.sh ; ./opt/composer.sh
+
 # add keys ssh from hosts
 RUN mkdir ~/.ssh
 RUN ssh-keyscan -H -p 22  bitbucket.org >> ~/.ssh/known_hosts

7_1/composer.sh

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+EXPECTED_SIGNATURE="$(wget -q -O - https://composer.github.io/installer.sig)"
+php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
+ACTUAL_SIGNATURE="$(php -r "echo hash_file('SHA384', 'composer-setup.php');")"
+
+if [ "$EXPECTED_SIGNATURE" != "$ACTUAL_SIGNATURE" ]
+then
+    >&2 echo 'ERROR: Invalid installer signature'
+    rm composer-setup.php
+    exit 1
+fi
+
+php composer-setup.php --quiet --install-dir=/usr/local/bin --filename=composer
+RESULT=$?
+rm composer-setup.php
+exit $RESULT