• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Resolved composer phar has a broken signature

Edi Duluman

Edi Duluman

Basic Pleskian
Hello!

I haven't used composer to install stuff for a while now ... but since I just had to install something with it today, I stumbled upon the following error:

PHP Fatal error: Uncaught exception 'PharException' with message 'phar "/usr/lib/plesk-9.0/composer.phar" has a broken signature' in /usr/lib/plesk-9.0/composer.phar:23
Stack trace:
#0 /usr/lib/plesk-9.0/composer.phar(23): Phar::mapPhar('composer.phar')
#1 {main}
thrown in /usr/lib/plesk-9.0/composer.phar on line 23
Click to expand...

Note that I am already at the latest version of Plesk 17.8.11 #22 ( and I already seen that KB article which I've tried ).
First point from the workarounds ( given updating did not help ) returns in another error, saying path doesn't exist after returning that composermng.py file, whereas the second point ends up with an installer corrupt error message ..

Also need to mentiont that this happens on all 5 of my servers ... even if they are all updated to #22. Running on Debian 8.11
 
Hello Edi,
try to reinstall composer with these steps:
Code: 
# cd /usr/lib/plesk-9.0/
Code: 
# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
Code: 
# php -r "if (hash_file('SHA384', 'composer-setup.php') === 'e115a8dc7871f15d853148a7fbac7da27d6c0030b848d9b3dc09e2a0388afed865e6a3d6b3c0fad45c48e2b5fc1196ae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Code: 
# php composer-setup.php
Code: 
# php -r "unlink('composer-setup.php');"
 
Step 3, just like I tried from the KB, returns installer corrupt. So, by checking sha384 myself I got the following::

Code: 
php -r "echo hash_file('SHA384', 'composer-setup.php' );"
93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8

Which is different from the one you gave me but probably because their file changed meanwhile.. anyway, I went on and ran the instructions without that check.

So, for whoever gets into that issue, just skip the step and make sure the composer setup file is actually from their site, and not some malware.
 
Last edited:
You must log in or register to reply here.

Similar threads

hschramm
Forwarded to devs Phar Binary broken signature (PHP 7.1 - 8.2)
Replies
2
Views
1K
azurro
A
S
Issue PHP Composer issue trying to install GoCardless library
Replies
1
Views
616
Simon1
S
N
Issue Signature for Composer breaks regularly
Replies
0
Views
885
nielsk
N
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
6
Views
3K
WebHostingAce
WebHostingAce
D
Resolved Problems after updating Plesk to version 18.0.57 on AlmaLinux 8.8
Replies
4
Views
1K
Peter Debik
P
Back
Top