Bug 27602 - composer, a PHP dependancy manager. NEW PACKAGE REQUEST
Summary: composer, a PHP dependancy manager. NEW PACKAGE REQUEST
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: New RPM package request (show other bugs)
Version: Cauldron
Hardware: All Linux
Priority: Normal enhancement
Target Milestone: ---
Assignee: All Packagers
QA Contact:
URL: https://getcomposer.org/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-11-14 13:58 CET by Xuo
Modified: 2021-01-11 19:59 CET (History)
3 users (show)

See Also:
Source RPM:
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Xuo 2020-11-14 13:58:03 CET 
Hi,

I reproduce the post I've created on the Mageia forum (https://www.mageialinux-online.org/forum/topic-28093+ne-devrait-il-pas-y-avoir-un-fichier-composer-phar-dans-l-installation-de-phpmyadmin-e.php)

I wanted to install the 2 factor authentication on phpmyadmin.
To achieve this, I had to install pragmarx/google2fa.
But no composer nor composer.phar file is available in the phpmyadmin install.

Is it possible to add a composer.phar file in the phpmyadmin installation path in order to be able to add some modules without being obliged to retrieve the file composer.phar from https://getcomposer.org/download/ with the risk of installing extra modules and/or modules not compatible with our current version of phpmyadmin ?

Regards.

Xuo.
Comment 1 Lewis Smith 2020-11-14 20:34:35 CET 
This does not look like a PHPmyadmin specific requirement, but more general:
 https://www.mageialinux-online.org/forum/topic-28093-1+ne-devrait-il-pas-y-avoir-un-fichier-composer-phar-dans-l-installation-de-phpmyadmin-e.php#m276067
--------------------------
The file 'composer.phar' seems to be the application, cited as being in for  example /usr/local/bin/ .

 https://getcomposer.org/
"A Dependency Manager for PHP"
PHAR = PHP archive.

 https://getcomposer.org/doc/00-intro.md
Introduction
 Installation - Linux / Unix / macOS
 "globally as a system wide executable."
  Global installation
"You can place the Composer PHAR anywhere you wish. If you put it in a directory that is part of your PATH, you can access it globally. On Unix systems you can even make it executable and invoke it without directly using the php interpreter.

After running the installer following the Download page instructions:
 https://getcomposer.org/download/
you can run this to move composer.phar to a directory that is in your path:
 mv composer.phar /usr/local/bin/composer "
 
 https://pragmarx.com/#/
PHP Repositories
  Google2FA v7.0.0
pragmarx/google2fa
A One Time Password Authentication package, compatible with Google Authenticator.

Can you (Xuo, papoteur) please confirm that my interpretation is correct before launching this request. I think it is fair to limit that to Cauldron, since M7 is due for replacement, and Xuo has installed it all himself on M7.
----------
As for the extra files you refer to in your MLO post, try renaming them, and see whether it still works. Then delete those that you find redundant.

Version: 7 => Cauldron
Summary: Shouldn't be available a composer.phar file when installing phpmyadmin? => composer, a PHP dependancy manager. NEW PACKAGE REQUEST
CC: (none) => lewyssmith, yves.brungard_mageia
URL: (none) => https://getcomposer.org/

Comment 2 papoteur 2020-11-14 22:54:14 CET 
Yes Lewis, this is also what I understand.
composer.phar is an archive file, thus the code is readable.
Comment 3 Xuo 2020-11-15 11:21:13 CET 
Hi,

Yes I think we can do what you suggest ie install composer.phar somewhere so that it will be available to anybody anytime.
But I'm not sure /usr/local/bin is a correct place as I don't think it is in the PATH env var by default. /usr/bin would be a better place.

Regards.

Xuo.

CC: (none) => xuoy

Comment 4 Lewis Smith 2020-11-15 19:23:18 CET 
Thank you both for your confirmations.

Assigning this package request to all packagers collectively. On a voluntary basis, one of them might, if there are no license or other legal issues, want to integrate it to the distribution and maintain it for bug and security fixes.

You Xuo might also want to join the packager team to maintain this piece of software: see https://wiki.mageia.org/en/Becoming_a_Mageia_Packager

Component: RPM Packages => New RPM package request
Assignee: bugsquad => pkg-bugs
CC: lewyssmith => (none)

Comment 5 Marc Krämer 2021-01-09 12:38:22 CET 
@Xuo: patched version of phpmyadmin is already on mirrors. There is no need to do this via composer.

As composer is just a phar which must be downloaded, I'm not sure if we really need this.
Another problem with all theses "depende ncy managers" is, that they interfer with our package management. I'm not sure if this is solved e.g. for pip or others.

From my personal view, I think they look handy, but you end up with another package management for each project and you need to keep them updated in case of security holes. But I see many projects use them, so maybe we should just add this phar too.

CC: (none) => mageia

Comment 6 Xuo 2021-01-10 15:34:38 CET 
Hi,

When you say that a patched version of phpmyadmin is on the mirrors, do you mean that the plugin pragmarx/google2fa will be included by default ?

Regards.

Xuo.
Comment 7 Marc Krämer 2021-01-11 09:42:20 CET 
@Xuo: exactly.
Comment 8 Xuo 2021-01-11 19:59:10 CET 
Hi,

Thank you very much. I close the ticket.

Regards.

Xuo.

Resolution: (none) => FIXED
Status: NEW => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.