Página inicial Explorar Ajuda
Entrar
joker
/
composer
1
0
Fork 0
Arquivos Issues 0 Pull Requests 0 Wiki
Ver código fonte

Minimal documentation updates

Pádraic Brady 11 anos atrás
pai
49414a9790
commit
69bbe0918d
2 arquivos alterados com 35 adições e 1 exclusões
Visão dividida Mostrar estatísticas do Diff
  1. 11 1
      doc/00-intro.md
  2. 24 0
      doc/03-cli.md

+ 11 - 1
doc/00-intro.md
Ver arquivo 

@@ -121,7 +121,9 @@ composer.phar:
 
     C:\Users\username>cd C:\bin
 
     C:\bin>php -r "readfile('https://getcomposer.org/installer');" | php
 
 
-> **Note:** If the above fails due to readfile, use the `http` url or enable php_openssl.dll in php.ini
 
+> **Note:** If the above fails due to readfile, enable php_openssl.dll in php.ini.
 
+> You may use the http URL, however this will leave the request susceptible to a
 
+> Man-In-The-Middle (MITM) attack.
 
 
 Create a new `composer.bat` file alongside `composer.phar`:
 
 
@@ -152,6 +154,14 @@ run this instead:
 
 Following the [example above](#declaring-dependencies), this will download
 
 monolog into the `vendor/monolog/monolog` directory.
 
 
+> **Note:** Composer will attempt to protect all HTTPS requests using SSL/TLS. It
 
+> implements peer verification using a certificate bundle, either one installed on
 
+> the local system or a copy distributed with Composer. You may also pass the path
 
+> to a bundle using the --cafile option for most commands. While you can also
 
+> disable peer verification by passing the --disable-tls option, this is not
 
+> recommended and will leave all downloads susceptible to Man-In-The-Middle (MITM)
 
+> attacks.
 
+
 
 ## Autoloading
 
 
 Besides downloading the library, Composer also prepares an autoload file that's

+ 24 - 0
doc/03-cli.md
Ver arquivo 

@@ -88,6 +88,8 @@ resolution.
 
 * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster
 
   autoloader. This is recommended especially for production, but can take
 
   a bit of time to run so it is currently not done by default.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## update
 
 
@@ -125,6 +127,8 @@ You can also use wildcards to update a bunch of packages at once:
 
   lock file being out of date.
 
 * **--with-dependencies** Add also all dependencies of whitelisted packages to the whitelist.
 
   So all packages with their dependencies are updated recursively.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## require
 
 
@@ -151,6 +155,8 @@ to the command.
 
   terminals or scripts which don't handle backspace characters.
 
 * **--update-with-dependencies** Also update dependencies of the newly
 
   required packages.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## global
 
 
@@ -183,6 +189,8 @@ You can also search for more than one term by passing multiple arguments.
 
 ### Options
 
 
 * **--only-name (-N):** Search only in name.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## show
 
 
@@ -220,6 +228,8 @@ specific version.
 
 * **--installed (-i):** List the packages that are installed.
 
 * **--platform (-p):** List only platform packages (php & extensions).
 
 * **--self (-s):** List the root package info.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## depends
 
 
@@ -284,6 +294,8 @@ you may have to run the command with `root` privileges
 
 
 * **--rollback (-r):** Rollback to the last version you had installed.
 
 * **--clean-backups:** Delete old backups during an update. This makes the current version of composer the only backup available after the update.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## config
 
 
@@ -368,6 +380,8 @@ By default the command checks for the packages on packagist.org.
 
 * **--keep-vcs:** Skip the deletion of the VCS metadata for the created
 
   project. This is mostly useful if you run the command in non-interactive
 
   mode.
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## dump-autoload
 
 
@@ -406,6 +420,11 @@ problems.
 
 
     $ php composer.phar diagnose
 
 
+### Options
 
+
 
+* **--disable-tls:** Display SSL/TLS peer verification.
 
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
+
 
 ## archive
 
 
 This command is used to generate a zip/tar archive for a given package in a
 
@@ -525,6 +544,11 @@ By default it points to $COMPOSER_HOME/cache on \*nix and OSX, and
 
 This env var controls the time composer waits for commands (such as git
 
 commands) to finish executing. The default value is 300 seconds (5 minutes).
 
 
+### COMPOSER_CAFILE
 
+
 
+By setting this environmental value, you can set a path to a certificate bundle
 
+file to be used during SSL/TLS peer verification.
 
+
 
 ### COMPOSER_DISCARD_CHANGES
 
 
 This env var controls the discard-changes [config option](04-schema.md#config).