how do you hotpatch a phar package? for example if i want to hotpatch
if (function_exists('posix_getuid') && posix_getuid() === 0) {
if ($commandName !== 'self-update' && $commandName !== 'selfupdate') {
$io->writeError('<warning>Do not run Composer as root/super user! See https://getcomposer.org/root for details</warning>');
from composer into
if (false && posix_getuid() === 0) {
if ($commandName !== 'self-update' && $commandName !== 'selfupdate') {
$io->writeError('<warning>Do not run Composer as root/super user! See https://getcomposer.org/root for details</warning>');
how should i do that? just editing the code normally results in
PHP Fatal error: Uncaught PharException: phar "/usr/local/bin/composer" has a broken signature in /usr/local/bin/composer:28
Stack trace:
#0 /usr/local/bin/composer(28): Phar::mapPhar()
#1 {main}
thrown in /usr/local/bin/composer on line 28
You can configure php to tell phars to not use the signature check at runtime that is causing that error.
Configure the following to false https://www.php.net/manual/en/phar.configuration.php#ini.phar.require-hash
This option will force all opened Phar archives to contain some kind of signature (currently MD5, SHA1, SHA256, SHA512 and OpenSSL are supported), and will refuse to process any Phar archive that does not contain a signature.
Edit:
Download composer source: https://github.com/composer/composer
Modify Compiler to remove hash https://github.com/composer/composer/blob/575fbfb53fcc2388916d554271c99c8281fea782/src/Composer/Compiler.php#L81
You will need to recompile composer using the compile command and run with phar.require-hash=0
first unpack the phar:
rm -rfv unpacked;
mkdir unpacked;
php --define open_basedir= --define phar.readonly=0 -r '(new Phar("composer.phar"))->convertToExecutable(Phar::TAR,Phar::NONE)->extractTo("unpacked/");'
then do your patching in the unpacked dir, in your case unpacked/src/Composer/Console/Application.php
, then re-pack the phar:
rm -f hotpatched.phar;
php --define open_basedir= --define phar.readonly=0 -r '$phar=new Phar("hotpatched.phar");$phar->buildFromDirectory("unpacked");$phar->setStub("#!/usr/bin/env php\n".$phar->createDefaultStub("bin/composer"));'
but replace bin/composer
with the phar package's real entrypoint (in the case of composer, it's bin/composer
) then make the hotpatched phar executable:
chmod +x hotpached.phar
and voila, your phar is patched :) the phar even works with php.ini phar.require_hash=1
tip: you can add $phar->compress(Phar::BZ2);
if you want the phar compressed/smaller
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.