feat: Deprecate OpenSSL signing (#1100)

Closes #878.
box-project · Oct 22, 2023 · 39cb985 · 39cb985
1 parent be50c99
commit 39cb985
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 7 deletions.
diff --git a/src/Configuration/Configuration.php b/src/Configuration/Configuration.php
@@ -2280,6 +2280,13 @@ private static function retrieveSigningAlgorithm(stdClass $raw, ConfigurationLog
             self::addRecommendationForDefaultValue($logger, self::ALGORITHM_KEY);
         }
 
+        if (Phar::OPENSSL === $algorithm) {
+            $logger->addWarning(
+                'Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check '
+                .'https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.',
+            );
+        }
+
         return $algorithm;
     }
 

diff --git a/tests/Configuration/ConfigurationSigningTest.php b/tests/Configuration/ConfigurationSigningTest.php
@@ -243,7 +243,12 @@ public function test_the_key_can_be_configured(): void
         self::assertFalse($this->config->promptForPrivateKey());
 
         self::assertSame([], $this->config->getRecommendations());
-        self::assertSame([], $this->config->getWarnings());
+        self::assertSame(
+            [
+                'Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.',
+            ],
+            $this->config->getWarnings(),
+        );
     }
 
     public function test_the_key_pass_can_be_configured(): void
@@ -261,7 +266,12 @@ public function test_the_key_pass_can_be_configured(): void
         self::assertTrue($this->config->promptForPrivateKey());
 
         self::assertSame([], $this->config->getRecommendations());
-        self::assertSame([], $this->config->getWarnings());
+        self::assertSame(
+            [
+                'Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.',
+            ],
+            $this->config->getWarnings(),
+        );
 
         foreach ([false, null] as $keyPass) {
             $this->setConfig([
@@ -281,7 +291,12 @@ public function test_the_key_pass_can_be_configured(): void
                 );
             }
 
-            self::assertSame([], $this->config->getWarnings());
+            self::assertSame(
+                [
+                    'Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.',
+                ],
+                $this->config->getWarnings(),
+            );
         }
 
         $this->setConfig([
@@ -295,7 +310,12 @@ public function test_the_key_pass_can_be_configured(): void
         self::assertFalse($this->config->promptForPrivateKey());
 
         self::assertSame([], $this->config->getRecommendations());
-        self::assertSame([], $this->config->getWarnings());
+        self::assertSame(
+            [
+                'Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.',
+            ],
+            $this->config->getWarnings(),
+        );
     }
 
     public static function passFileFreeSigningAlgorithmProvider(): iterable

diff --git a/tests/Console/Command/CompileTest.php b/tests/Console/Command/CompileTest.php
@@ -281,7 +281,8 @@ public function test_it_can_build_a_phar_file(): void
             * Done.
 
             No recommendation found.
-            No warning found.
+            ⚠️  <warning>1 warning found:</warning>
+                - Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.
 
              // PHAR: {$numberOfFiles} files (100B)
              // You can inspect the generated PHAR with the "info" command.
@@ -897,7 +898,8 @@ public function test_it_can_build_a_phar_file_in_verbose_mode(): void
             * Done.
 
             No recommendation found.
-            No warning found.
+            ⚠️  <warning>1 warning found:</warning>
+                - Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.
 
              // PHAR: {$expectedNumberOfFiles} files (100B)
              // You can inspect the generated PHAR with the "info" command.
@@ -1026,7 +1028,8 @@ public function test_it_can_build_a_phar_file_in_very_verbose_mode(): void
             * Done.
 
             No recommendation found.
-            No warning found.
+            ⚠️  <warning>1 warning found:</warning>
+                - Using an OpenSSL signature is deprecated and will be removed in 5.0.0. Please check https://github.com/box-project/box/blob/main/doc/phar-signing.md for alternatives.
 
              // PHAR: {$expectedNumberOfFiles} files (100B)
              // You can inspect the generated PHAR with the "info" command.