• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved composer phar has a broken signature

Edi Duluman

Edi Duluman

Basic Pleskian
Hello!

I haven't used composer to install stuff for a while now ... but since I just had to install something with it today, I stumbled upon the following error:

PHP Fatal error: Uncaught exception 'PharException' with message 'phar "/usr/lib/plesk-9.0/composer.phar" has a broken signature' in /usr/lib/plesk-9.0/composer.phar:23
Stack trace:
#0 /usr/lib/plesk-9.0/composer.phar(23): Phar::mapPhar('composer.phar')
#1 {main}
thrown in /usr/lib/plesk-9.0/composer.phar on line 23
Click to expand...

Note that I am already at the latest version of Plesk 17.8.11 #22 ( and I already seen that KB article which I've tried ).
First point from the workarounds ( given updating did not help ) returns in another error, saying path doesn't exist after returning that composermng.py file, whereas the second point ends up with an installer corrupt error message ..

Also need to mentiont that this happens on all 5 of my servers ... even if they are all updated to #22. Running on Debian 8.11
 
Hello Edi,
try to reinstall composer with these steps:
Code: 
# cd /usr/lib/plesk-9.0/
Code: 
# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
Code: 
# php -r "if (hash_file('SHA384', 'composer-setup.php') === 'e115a8dc7871f15d853148a7fbac7da27d6c0030b848d9b3dc09e2a0388afed865e6a3d6b3c0fad45c48e2b5fc1196ae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Code: 
# php composer-setup.php
Code: 
# php -r "unlink('composer-setup.php');"
 
Step 3, just like I tried from the KB, returns installer corrupt. So, by checking sha384 myself I got the following::

Code: 
php -r "echo hash_file('SHA384', 'composer-setup.php' );"
93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8

Which is different from the one you gave me but probably because their file changed meanwhile.. anyway, I went on and ran the instructions without that check.

So, for whoever gets into that issue, just skip the step and make sure the composer setup file is actually from their site, and not some malware.
 
Last edited:
You must log in or register to reply here.

Similar threads

hschramm
Forwarded to devs Phar Binary broken signature (PHP 7.1 - 8.2)
Replies
2
Views
2K
azurro
A
S
Issue PHP Composer issue trying to install GoCardless library
Replies
1
Views
956
Simon1
S
N
Issue Signature for Composer breaks regularly
Replies
0
Views
1K
nielsk
N
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
7
Views
4K
grizlyadams
G
D
Resolved Problems after updating Plesk to version 18.0.57 on AlmaLinux 8.8
Replies
4
Views
2K
Peter Debik
P
Back
Top