• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved composer phar has a broken signature

Edi Duluman

Basic Pleskian
Hello!

I haven't used composer to install stuff for a while now ... but since I just had to install something with it today, I stumbled upon the following error:

PHP Fatal error: Uncaught exception 'PharException' with message 'phar "/usr/lib/plesk-9.0/composer.phar" has a broken signature' in /usr/lib/plesk-9.0/composer.phar:23
Stack trace:
#0 /usr/lib/plesk-9.0/composer.phar(23): Phar::mapPhar('composer.phar')
#1 {main}
thrown in /usr/lib/plesk-9.0/composer.phar on line 23

Note that I am already at the latest version of Plesk 17.8.11 #22 ( and I already seen that KB article which I've tried ).
First point from the workarounds ( given updating did not help ) returns in another error, saying path doesn't exist after returning that composermng.py file, whereas the second point ends up with an installer corrupt error message ..

Also need to mentiont that this happens on all 5 of my servers ... even if they are all updated to #22. Running on Debian 8.11
 
Hello Edi,
try to reinstall composer with these steps:
Code:
# cd /usr/lib/plesk-9.0/
Code:
# php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
Code:
# php -r "if (hash_file('SHA384', 'composer-setup.php') === 'e115a8dc7871f15d853148a7fbac7da27d6c0030b848d9b3dc09e2a0388afed865e6a3d6b3c0fad45c48e2b5fc1196ae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
Code:
# php composer-setup.php
Code:
# php -r "unlink('composer-setup.php');"
 
Step 3, just like I tried from the KB, returns installer corrupt. So, by checking sha384 myself I got the following::

Code:
php -r "echo hash_file('SHA384', 'composer-setup.php' );"
93b54496392c062774670ac18b134c3b3a95e5a5e5c8f1a9f115f203b75bf9a129d5daa8ba6a13e2cc8a1da0806388a8

Which is different from the one you gave me but probably because their file changed meanwhile.. anyway, I went on and ran the instructions without that check.

So, for whoever gets into that issue, just skip the step and make sure the composer setup file is actually from their site, and not some malware.
 
Last edited:
Back
Top