Merge remote-tracking branch 'edas/exception-on-broken-signature'

src/Composer/Repository/ComposerRepository.php

@@ -468,8 +468,8 @@ class ComposerRepository extends ArrayRepository implements StreamableRepository
                         continue;
                     }
 
-                    // TODO throw SecurityException and abort once we are sure this can not happen accidentally
                     $this->io->write('<warning>The contents of '.$filename.' do not match its signature, this is most likely due to a temporary glitch but could indicate a man-in-the-middle attack. Try running composer again and please report it if it still persists.</warning>');
+                    throw new RepositorySecurityException('The contents of '.$filename.' do not match its signature');
                 }
                 $data = JsonFile::parseJson($json, $filename);
                 $this->cache->write($cacheKey, $json);

src/Composer/Repository/RepositorySecurityException.php

@@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of Composer.
+ *
+ * (c) 
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Composer\Repository;
+
+/**
+ * Thrown when a security problem, like a broken or missing signature
+ *
+ * @author Eric Daspet <edaspet@survol.fr>
+ */
+class RepositorySecurityException extends \Exception
+{
+	// nothing more, standard Exception
+}