Stabilize Composer

[ktomk]

IIRC minimum stability is alpha only because of composer. At 4th of April (or around that day) composer finally went stable and 2.0.5 yet still has the alpha version tagged, doesn't it?

So I think it would be worth to move to ^1.0.0, we did this in magerun as well the last month and it's just straight forward.

[piotrekkaminski]

+1

[thaiphan]

I was trying to use the path repository feature in Composer but wasn't able to until I manually updated Composer. Would be good if Magento updates Composer for us.

[ktomk]

Stabilizing composer is not yet possible because one of its dependencies, magento/composer 1.0.3, pins the composer version to 1.0.0-beta1. I therefore opened a PR to get magento/composer 1.0.4 with a stabilized composer requirement so to become able to update here.

[hostep]

Hi guys

Another vote for stabilizing composer/composer.

We run into an issue on our hosting with Magento 2.1-rc2, because Magento ships with version 1.0.0-beta1

When we try to login to our backend, a PHP warning is thrown:

Warning: is_dir(): open_basedir restriction in effect. File(/etc/pki/tls/certs) is not within the allowed path(s): (/var/www/example.com:/var/www/example.com/wwwroot:/usr/share/pear:/usr/share/php:/usr/share/phpmyadmin:/tmp:/usr/local/lib/php:/usr/share/misc) in /var/www/example.com/wwwroot/vendor/composer/composer/src/Composer/Util/RemoteFilesystem.php on line 914
#1 /var/www/example.com/wwwroot/vendor/composer/composer/src/Composer/Util/RemoteFilesystem.php(915): is_dir('/etc/pki/tls/ce...')
#2 /var/www/example.com/wwwroot/vendor/composer/composer/src/Composer/Util/RemoteFilesystem.php(801): Composer\Util\RemoteFilesystem->getSystemCaRootBundlePath()
#3 /var/www/example.com/wwwroot/vendor/composer/composer/src/Composer/Util/RemoteFilesystem.php(61): Composer\Util\RemoteFilesystem->getTlsDefaults(Array)
...

This happens because in version 1.0.0-beta1 of composer this line fails:
https://github.com/composer/composer/blob/1.0.0-beta1/src/Composer/Util/RemoteFilesystem.php#L914

In a later version (not exactly sure which one) it was fixed by adding an @ sign in front of the is_dir function call:
https://github.com/composer/ca-bundle/blob/205ee8426c0461c9ab14712069ed5c92a7518646/src/CaBundle.php#L115

If we manually add the @ sign to the composer source files, our open_basedir problem is fixed

Please, consider putting a stable composer/composer version in Magento 2.1 GA, so we can actually run it on our hosting.

Thanks!

[hostep]

@piotrekkaminski: can you try to get this change into Magento 2.1 GA?

We currently work around it by changing this line in our composer.json file:

"composer/composer": "@alpha"

to:

"composer/composer": "1.1.2 as 1.0.0-beta1",

Which gets us around the issue, but it feels a bit like a hack.

We've been using it for about a week now, and haven't noticed any downsides to it yet.

[tkn98]

It would be tremendously great in our eyes if we could see some traction here.

[AydinHassan]

Chiming it to get some action on this. Composer was stable ages ago - it would be nice to not have to include alpha software (even if I don't doubt the quality of Composer).