Minimal documentation updates

Pádraic Brady 11 years ago
parent
commit
69bbe0918d
2 files changed with 35 additions and 1 deletion
  1. 11 1
      doc/00-intro.md
  2. 24 0
      doc/03-cli.md

+ 11 - 1
doc/00-intro.md

@@ -121,7 +121,9 @@ composer.phar:
     C:\Users\username>cd C:\bin
     C:\Users\username>cd C:\bin
     C:\bin>php -r "readfile('https://getcomposer.org/installer');" | php
     C:\bin>php -r "readfile('https://getcomposer.org/installer');" | php
 
 
-> **Note:** If the above fails due to readfile, use the `http` url or enable php_openssl.dll in php.ini
+> **Note:** If the above fails due to readfile, enable php_openssl.dll in php.ini.
+> You may use the http URL, however this will leave the request susceptible to a
+> Man-In-The-Middle (MITM) attack.
 
 
 Create a new `composer.bat` file alongside `composer.phar`:
 Create a new `composer.bat` file alongside `composer.phar`:
 
 
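Review bot: In the rewritten note under the Windows install command, the plain-http fallback is still offered even though the command above pipes the downloaded installer straight into `php`, so a tampered response would be executed rather than merely read. Consider dropping the http suggestion and keeping only the php_openssl.dll instruction, or wording the second sentence as a clear recommendation against it. Also write "man-in-the-middle" in lower case and put `php_openssl.dll` and `php.ini` in backticks.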
@@ -152,6 +154,14 @@ run this instead:
 Following the [example above](#declaring-dependencies), this will download
 Following the [example above](#declaring-dependencies), this will download
 monolog into the `vendor/monolog/monolog` directory.
 monolog into the `vendor/monolog/monolog` directory.
 
 
+> **Note:** Composer will attempt to protect all HTTPS requests using SSL/TLS. It
+> implements peer verification using a certificate bundle, either one installed on
+> the local system or a copy distributed with Composer. You may also pass the path
+> to a bundle using the --cafile option for most commands. While you can also
+> disable peer verification by passing the --disable-tls option, this is not
+> recommended and will leave all downloads susceptible to Man-In-The-Middle (MITM)
+> attacks.
+
 ## Autoloading
 ## Autoloading
 
 
 Besides downloading the library, Composer also prepares an autoload file that's
 Besides downloading the library, Composer also prepares an autoload file that's
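Review bot: In the new note before "## Autoloading", `--cafile` and `--disable-tls` are written as bare text and "most commands" is left undefined. Put both options in backticks and link to the command reference in doc/03-cli.md so readers can see which commands accept them. The opening sentence is also circular ("protect all HTTPS requests using SSL/TLS"); saying that Composer verifies the server certificate on HTTPS requests would be clearer.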

+ 24 - 0
doc/03-cli.md

@@ -88,6 +88,8 @@ resolution.
 * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster
 * **--optimize-autoloader (-o):** Convert PSR-0/4 autoloading to classmap to get a faster
   autoloader. This is recommended especially for production, but can take
   autoloader. This is recommended especially for production, but can take
   a bit of time to run so it is currently not done by default.
   a bit of time to run so it is currently not done by default.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## update
 ## update
 
 
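Review bot: The `--disable-tls` bullet added to this option list reads "Display SSL/TLS peer verification", which should be "Disable"; the note added to doc/00-intro.md in the same commit describes the option as disabling peer verification. The same wording is repeated in every option list this commit touches in doc/03-cli.md, so fix them together.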
@@ -125,6 +127,8 @@ You can also use wildcards to update a bunch of packages at once:
   lock file being out of date.
   lock file being out of date.
 * **--with-dependencies** Add also all dependencies of whitelisted packages to the whitelist.
 * **--with-dependencies** Add also all dependencies of whitelisted packages to the whitelist.
   So all packages with their dependencies are updated recursively.
   So all packages with their dependencies are updated recursively.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## require
 ## require
 
 
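Review bot: The `--cafile` bullet added after `--with-dependencies` does not say that the option takes a value. State that it expects the path to a certificate bundle, matching the wording in doc/00-intro.md ("pass the path to a bundle"), and use "certificate bundle" rather than "certificate file" so the two documents agree.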
@@ -151,6 +155,8 @@ to the command.
   terminals or scripts which don't handle backspace characters.
   terminals or scripts which don't handle backspace characters.
 * **--update-with-dependencies** Also update dependencies of the newly
 * **--update-with-dependencies** Also update dependencies of the newly
   required packages.
   required packages.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## global
 ## global
 
 
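Review bot: The two bullets appended after `--update-with-dependencies` are an exact copy of the pair added to the other command sections, so any wording error is multiplied across the file. Consider documenting `--disable-tls` and `--cafile` once in a shared options section and linking to it from each command.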
@@ -183,6 +189,8 @@ You can also search for more than one term by passing multiple arguments.
 ### Options
 ### Options
 
 
 * **--only-name (-N):** Search only in name.
 * **--only-name (-N):** Search only in name.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## show
 ## show
 
 
@@ -220,6 +228,8 @@ specific version.
 * **--installed (-i):** List the packages that are installed.
 * **--installed (-i):** List the packages that are installed.
 * **--platform (-p):** List only platform packages (php & extensions).
 * **--platform (-p):** List only platform packages (php & extensions).
 * **--self (-s):** List the root package info.
 * **--self (-s):** List the root package info.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## depends
 ## depends
 
 
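Review bot: In this list the new TLS bullets follow `--installed`, `--platform` and `--self`, which describe listing installed packages, platform packages and root package info, and nothing says when the TLS options apply. State when `--disable-tls` and `--cafile` have any effect for this command, presumably only when package information is fetched from a repository over HTTPS, so readers do not assume they matter for the local listings.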
@@ -284,6 +294,8 @@ you may have to run the command with `root` privileges
 
 
 * **--rollback (-r):** Rollback to the last version you had installed.
 * **--rollback (-r):** Rollback to the last version you had installed.
 * **--clean-backups:** Delete old backups during an update. This makes the current version of composer the only backup available after the update.
 * **--clean-backups:** Delete old backups during an update. This makes the current version of composer the only backup available after the update.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## config
 ## config
 
 
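Review bot: The `--disable-tls` bullet added after `--clean-backups` carries no warning, although this section is about replacing the installed composer version and the hunk header mentions running the command with `root` privileges. Repeat the caution from doc/00-intro.md here: disabling peer verification is not recommended and leaves downloads susceptible to MITM attacks.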
@@ -368,6 +380,8 @@ By default the command checks for the packages on packagist.org.
 * **--keep-vcs:** Skip the deletion of the VCS metadata for the created
 * **--keep-vcs:** Skip the deletion of the VCS metadata for the created
   project. This is mostly useful if you run the command in non-interactive
   project. This is mostly useful if you run the command in non-interactive
   mode.
   mode.
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
 
 
 ## dump-autoload
 ## dump-autoload
 
 
@@ -406,6 +420,11 @@ problems.
 
 
     $ php composer.phar diagnose
     $ php composer.phar diagnose
 
 
+### Options
+
+* **--disable-tls:** Display SSL/TLS peer verification.
+* **--cafile:** If specified, use the given certificate file for SSL/TLS peer verification.
+
 ## archive
 ## archive
 
 
 This command is used to generate a zip/tar archive for a given package in a
 This command is used to generate a zip/tar archive for a given package in a
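Review bot: In the new "### Options" block added after the `diagnose` example, "Display SSL/TLS peer verification" is especially misleading, because for a diagnostic command it reads like a feature that prints verification details. Change it to "Disable SSL/TLS peer verification".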
@@ -525,6 +544,11 @@ By default it points to $COMPOSER_HOME/cache on \*nix and OSX, and
 This env var controls the time composer waits for commands (such as git
 This env var controls the time composer waits for commands (such as git
 commands) to finish executing. The default value is 300 seconds (5 minutes).
 commands) to finish executing. The default value is 300 seconds (5 minutes).
 
 
+### COMPOSER_CAFILE
+
+By setting this environmental value, you can set a path to a certificate bundle
+file to be used during SSL/TLS peer verification.
+
 ### COMPOSER_DISCARD_CHANGES
 ### COMPOSER_DISCARD_CHANGES
 
 
 This env var controls the discard-changes [config option](04-schema.md#config).
 This env var controls the discard-changes [config option](04-schema.md#config).
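Review bot: The new COMPOSER_CAFILE section says "environmental value", while the neighbouring sections use "env var"; use "environment variable" or the same "This env var ..." phrasing. It should also state which setting wins when both COMPOSER_CAFILE and `--cafile` are given.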